diff --git a/keylime.spec b/keylime.spec
index df5dada..f259b43 100644
--- a/keylime.spec
+++ b/keylime.spec
@@ -9,7 +9,7 @@ Name: keylime
 Version: 7.12.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 Summary: Open source TPM software for Bootstrapping and Maintaining Trust
 URL: https://github.com/keylime/keylime
@@ -224,8 +224,12 @@ install -Dpm 644 ./services/%{srcname}_verifier.service \
 install -Dpm 644 ./services/%{srcname}_registrar.service \
 %{buildroot}%{_unitdir}/%{srcname}_registrar.service
-cp -r ./tpm_cert_store %{buildroot}%{_sharedstatedir}/%{srcname}/
-chmod 400 %{buildroot}%{_sharedstatedir}/%{srcname}/tpm_cert_store/*.pem
+# TPM cert store is deployed to both /usr/share/keylime/tpm_cert_store
+# and then /var/lib/keylime/tpm_cert_store.
+for cert_store_dir in %{_datadir} %{_sharedstatedir}; do
+ mkdir -p %{buildroot}/"${cert_store_dir}"/%{srcname}
+ cp -r ./tpm_cert_store %{buildroot}/"${cert_store_dir}"/%{srcname}/
+done
 # Install the sysusers + tmpfiles.d configuration.
 install -p -D -m 0644 %{SOURCE2} %{buildroot}/%{_sysusersdir}/%{srcname}.conf
@@ -402,6 +406,8 @@ fi
 %config(noreplace) %verify(not md5 size mode mtime) %attr(400,%{srcname},%{srcname}) %{_sysconfdir}/%{srcname}/logging.conf
 %attr(700,%{srcname},%{srcname}) %dir %{_rundir}/%{srcname}
 %attr(700,%{srcname},%{srcname}) %dir %{_sharedstatedir}/%{srcname}
+%attr(500,%{srcname},%{srcname}) %dir %{_datadir}/%{srcname}/tpm_cert_store
+%attr(400,%{srcname},%{srcname}) %{_datadir}/%{srcname}/tpm_cert_store/*.pem
 %attr(500,%{srcname},%{srcname}) %dir %{_sharedstatedir}/%{srcname}/tpm_cert_store
 %attr(400,%{srcname},%{srcname}) %{_sharedstatedir}/%{srcname}/tpm_cert_store/*.pem
 %{_tmpfilesdir}/%{srcname}.conf
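Review bot: The comment above the new loop ("deployed to both ... and then ...") does not say why the cert store is now shipped twice, and the loop variable `cert_store_dir` is easy to confuse with the directory it installs, `tpm_cert_store`; the same token shows up verbatim as a path in the accompanying keylime.tmpfiles change. A comment such as `# Ship a pristine copy under /usr/share/keylime/tpm_cert_store (the source tmpfiles.d copies from when /var/lib/keylime/tpm_cert_store is missing) and the runtime copy under /var/lib/keylime/tpm_cert_store.` would record the intent, and renaming the variable to something like `dest_root` keeps it from being mistaken for the directory name. Dropping the old `chmod 400` is fine because the `%attr(400,...)` entries in `%files` still set the mode on both copies.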
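Review bot: The new `%{_datadir}/%{srcname}/tpm_cert_store` entries give the pristine copy `%attr(500,%{srcname},%{srcname})` and `%attr(400,%{srcname},%{srcname})`, i.e. the keylime service account owns it; an owner can always `chmod` its own files, so mode 400 does not stop that account from modifying the reference trust store that tmpfiles.d later copies back into /var/lib/keylime. Since this copy is static package data rather than runtime state, `%attr(755,root,root) %dir %{_datadir}/%{srcname}/tpm_cert_store` and `%attr(644,root,root) %{_datadir}/%{srcname}/tpm_cert_store/*.pem` (or root ownership with group keylime) make it immutable to the service while still readable by systemd-tmpfiles, which runs as root. The `%{_sharedstatedir}` entries just below are the runtime store and can keep the keylime ownership. Whether `%dir %{_datadir}/%{srcname}` itself is owned by this package is not visible in the hunk; if it is not, it needs a `%dir` entry too.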
@@ -415,6 +421,10 @@ fi
 %license LICENSE
 %changelog
+* Thu Jul 10 2025 Sergio Correia - 7.12.1-6
+- Populate cert_store_dir with tpmfiles.d
+ Resolves: RHEL-76926
+
 * Thu Jul 10 2025 Sergio Correia - 7.12.1-5
 - Use tmpfiles.d for permissions in /var/lib/keylime and /etc/keylime
 Resolves: RHEL-77144
diff --git a/keylime.tmpfiles b/keylime.tmpfiles
index 698648e..e7a12a9 100644
--- a/keylime.tmpfiles
+++ b/keylime.tmpfiles
@@ -11,10 +11,13 @@ d /etc/keylime/tenant.conf.d 0500 keylime keylime -
 d /etc/keylime/agent.conf.d 0500 keylime keylime -
 # TPM certificate store.
+# Copy the cert store from /usr/share/keylime/cert_store_dir
+# to /var/lib/keylime/cert_store_dir.
 # Files inside /var/lib/keylime/tpm_cert_store/ have
 # 0400 permission and are owned by keylime/keylime,
 # while /var/lib/keylime/tpm_cert_store/ itself has
 # permission 0500, also owned by keylime/keylime.
+C /var/lib/keylime/tpm_cert_store 0500 keylime keylime - /usr/share/keylime/cert_store_dir
 Z /var/lib/keylime/tpm_cert_store 0400 keylime keylime -
 z /var/lib/keylime/tpm_cert_store 0500 keylime keylime -
 # Finally, /var/lib/keylime itself has 0700 permission,
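Review bot: The source path on the new `C` line, `/usr/share/keylime/cert_store_dir`, does not match what the spec installs: the `%files` hunk in keylime.spec lists `%{_datadir}/%{srcname}/tpm_cert_store`, i.e. `/usr/share/keylime/tpm_cert_store`, so the copy source will not exist and this entry cannot repopulate `/var/lib/keylime/tpm_cert_store`. The same wrong name appears in the two added comment lines and in the 7.12.1-6 changelog entry ("Populate cert_store_dir with tpmfiles.d"); it looks like the loop variable from the spec's %install section leaked into the path. The line should read `C /var/lib/keylime/tpm_cert_store 0500 keylime keylime - /usr/share/keylime/tpm_cert_store`, with the two comments updated to the same path. Per tmpfiles.d(5), `C` only copies when the destination is absent, so on a fresh install where the RPM already ships the /var/lib copy it is a no-op and only matters after the runtime store has been removed; the `Z`/`z` lines after it still fix up ownership and mode either way, which is worth stating in the comment.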