diff --git a/tmpfiles.d/systemd.conf.in b/tmpfiles.d/systemd.conf.in
index e23e1027823..d267a6b2e65 100644
--- a/tmpfiles.d/systemd.conf.in
+++ b/tmpfiles.d/systemd.conf.in
@@ -64,3 +64,9 @@ d /var/lib/systemd/coredump 0755 root root 3d
 d /var/lib/private 0700 root root -
 d /var/log/private 0700 root root -
 d /var/cache/private 0700 root root -
+
+{% if ENABLE_EFI %}
+# Copy sd-stub provided PCR signature and and public key file from initrd into /run/, so that it will survive the initrd stage
+C /run/systemd/tpm2-pcr-signature.json 0444 root root - /.extra/tpm2-pcr-signature.json
+C /run/systemd/tpm2-pcr-public-key.pem 0444 root root - /.extra/tpm2-pcr-public-key.pem
+{% endif %}