diff --git a/MsCorePkg/Library/BaseSecureBootKeyStoreLib/BaseSecureBootKeyStoreLib.inf b/MsCorePkg/Library/BaseSecureBootKeyStoreLib/BaseSecureBootKeyStoreLib.inf
new file mode 100644
index 0000000000..d577c15ee8
--- /dev/null
+++ b/MsCorePkg/Library/BaseSecureBootKeyStoreLib/BaseSecureBootKeyStoreLib.inf
@@ -0,0 +1,36 @@
+## @file - BaseSecureBootKeyStoreLib.inf
+#  Copyright (C) Microsoft Corporation. All rights reserved.
+#  SPDX-License-Identifier: BSD-2-Clause-Patent
+#
+
+[Defines]
+  INF_VERSION    = 0x00010005
+  BASE_NAME      = BaseSecureBootKeyStoreLib
+  FILE_GUID      = 02EEF9DA-5557-4090-BFF5-E07EF0344805
+  VERSION_STRING = 1.0
+  MODULE_TYPE    = BASE
+  LIBRARY_CLASS  = SecureBootKeyStoreLib
+
+# 
+# The following information is for reference only and not required by the build tools.
+# 
+# VALID_ARCHITECTURES = IA32 X64 AARCH64
+# 
+
+[Packages]
+  MdePkg/MdePkg.dec
+  SecurityPkg/SecurityPkg.dec
+  MsCorePkg/MsCorePkg.dec
+
+[Sources]
+  SecureBootKeyStoreLib.c
+
+[LibraryClasses]
+  PcdLib
+
+[FixedPcd]
+  gMsCorePkgTokenSpaceGuid.PcdDefaultKek  # CONSUMES
+  gMsCorePkgTokenSpaceGuid.PcdDefaultDb  # CONSUMES
+  gMsCorePkgTokenSpaceGuid.PcdDefault3PDb  # CONSUMES
+  gMsCorePkgTokenSpaceGuid.PcdDefaultDbx  # CONSUMES
+  gMsCorePkgTokenSpaceGuid.PcdDefaultPk  # CONSUMES
diff --git a/MsCorePkg/Library/BaseSecureBootKeyStoreLib/SecureBootKeyStoreLib.c b/MsCorePkg/Library/BaseSecureBootKeyStoreLib/SecureBootKeyStoreLib.c
new file mode 100644
index 0000000000..c8ca803992
--- /dev/null
+++ b/MsCorePkg/Library/BaseSecureBootKeyStoreLib/SecureBootKeyStoreLib.c
@@ -0,0 +1,74 @@
+/** @file SecureBootKeyStoreLib.c
+
+
+  Copyright (C) Microsoft Corporation. All rights reserved.
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <Uefi.h>
+#include <UefiSecureBoot.h>
+
+#include <Guid/ImageAuthentication.h>
+
+#include <Library/SecureBootVariableLib.h>
+#include <Library/PcdLib.h>
+
+SECURE_BOOT_PAYLOAD_INFO  mSecureBootPayload[] = {
+  {
+    .SecureBootKeyName = L"Microsoft Only",
+    .KekPtr            = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultKek),
+    .KekSize           = (CONST UINT32)FixedPcdGetSize (PcdDefaultKek),
+    .DbPtr             = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultDb),
+    .DbSize            = (CONST UINT32)FixedPcdGetSize (PcdDefaultDb),
+    .DbxPtr            = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultDbx),
+    .DbxSize           = (CONST UINT32)FixedPcdGetSize (PcdDefaultDbx),
+    .PkPtr             = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultPk),
+    .PkSize            = (CONST UINT32)FixedPcdGetSize (PcdDefaultPk),
+    .DbtPtr            = NULL,
+    .DbtSize           = 0,
+  },
+  {
+    .SecureBootKeyName = L"Microsoft Plus 3rd Party",
+    .KekPtr            = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultKek),
+    .KekSize           = (CONST UINT32)FixedPcdGetSize (PcdDefaultKek),
+    .DbPtr             = (CONST UINT8 *)FixedPcdGetPtr (PcdDefault3PDb),
+    .DbSize            = (CONST UINT32)FixedPcdGetSize (PcdDefault3PDb),
+    .DbxPtr            = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultDbx),
+    .DbxSize           = (CONST UINT32)FixedPcdGetSize (PcdDefaultDbx),
+    .PkPtr             = (CONST UINT8 *)FixedPcdGetPtr (PcdDefaultPk),
+    .PkSize            = (CONST UINT32)FixedPcdGetSize (PcdDefaultPk),
+    .DbtPtr            = NULL,
+    .DbtSize           = 0,
+  }
+};
+
+/**
+  Interface to fetch platform Secure Boot Certificates, each payload
+  corresponds to a designated set of db, dbx, dbt, KEK, PK.
+
+  @param[in]  Keys        Pointer to hold the returned sets of keys. The
+                          returned buffer will be treated as CONST and
+                          permanent pointer. The consumer will NOT free
+                          the buffer after use.
+  @param[in]  KeyCount    The number of sets available in the returned Keys.
+
+  @retval     EFI_SUCCESS             The Keys are properly fetched.
+  @retval     EFI_INVALID_PARAMETER   Inputs have NULL pointers.
+**/
+EFI_STATUS
+EFIAPI
+GetPlatformKeyStore (
+  OUT SECURE_BOOT_PAYLOAD_INFO  **Keys,
+  OUT UINT8                     *KeyCount
+  )
+{
+  if ((Keys == NULL) || (KeyCount == NULL)) {
+    return EFI_INVALID_PARAMETER;
+  }
+
+  *Keys     = mSecureBootPayload;
+  *KeyCount = ARRAY_SIZE (mSecureBootPayload);
+
+  return EFI_SUCCESS;
+}
diff --git a/MsCorePkg/MsCorePkg.dec b/MsCorePkg/MsCorePkg.dec
index 0e16bb95cd..074be6d792 100644
--- a/MsCorePkg/MsCorePkg.dec
+++ b/MsCorePkg/MsCorePkg.dec
@@ -136,6 +136,26 @@
   ## Default: 1024 * 4KiB = 4MB
   gMsCorePkgTokenSpaceGuid.PcdDebugFileLoggerAllocatedPages|1024|UINT32|0x4000001C
 
+  ## Pcd value representing the Pk for a platform
+  # Empty by default. Platform required to set this value to enable setting default secureboot variables.
+  gMsCorePkgTokenSpaceGuid.PcdDefaultPk |{ 0x0 }|VOID*|0x4000001D
+  
+  ## Pcd value representing the Db for a platform
+  # Empty by default. Platform required to set this value to enable setting default secureboot variables.
+  gMsCorePkgTokenSpaceGuid.PcdDefaultDb |{ 0x0 }|VOID*|0x4000001E
+  
+  ## Pcd value representing the 3PDb for a platform
+  # Empty by default. Platform required to set this value to enable setting default secureboot variables.
+  gMsCorePkgTokenSpaceGuid.PcdDefault3PDb | { 0x0 }|VOID*|0x4000001F
+  
+  ## Pcd value representing the Dbx for a platform
+  # Empty by default. Platform required to set this value to enable setting default secureboot variables.
+  gMsCorePkgTokenSpaceGuid.PcdDefaultDbx | { 0x0 }|VOID*|0x40000020
+  
+  ## Pcd value representing the Kek for a platform
+  # Empty by default. Platform required to set this value to enable setting default secureboot variables.
+  gMsCorePkgTokenSpaceGuid.PcdDefaultKek | { 0x0 }|VOID*|0x40000021
+
 [PcdsDynamic, PcdsDynamicEx]
   gMsCorePkgTokenSpaceGuid.PcdDeviceStateBitmask|0x00000000|UINT32|0x00010178
 
diff --git a/MsCorePkg/MsCorePkg.dsc b/MsCorePkg/MsCorePkg.dsc
index ae7aa2792b..ac664e0b26 100644
--- a/MsCorePkg/MsCorePkg.dsc
+++ b/MsCorePkg/MsCorePkg.dsc
@@ -168,6 +168,7 @@
   MsCorePkg/Library/DxeIsCapsuleSupportedLib/DxeIsCapsuleSupportedLib.inf
   MsCorePkg/Library/BaseIsCapsuleSupportedLibNull/BaseIsCapsuleSupportedLibNull.inf
   MsCorePkg/Library/SecureBootKeyStoreLibNull/SecureBootKeyStoreLibNull.inf
+  MsCorePkg/Library/BaseSecureBootKeyStoreLib/BaseSecureBootKeyStoreLib.inf
   MsCorePkg/Library/MuSecureBootKeySelectorLib/MuSecureBootKeySelectorLib.inf
   MsCorePkg/HelloWorldRustDxe/HelloWorldRustDxe.inf