diff --git a/src/include/ipxe/efi/Guid/TlsAuthentication.h b/src/include/ipxe/efi/Guid/TlsAuthentication.h
new file mode 100644
index 000000000..f1e1b4f40
--- /dev/null
+++ b/src/include/ipxe/efi/Guid/TlsAuthentication.h
@@ -0,0 +1,25 @@
+/** @file
+  This file defines TlsCaCertificate variable.
+
+Copyright (c) 2016, Intel Corporation. All rights reserved.<BR>
+SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef __TLS_AUTHENTICATION_H__
+#define __TLS_AUTHENTICATION_H__
+
+FILE_LICENCE ( BSD2_PATENT );
+
+// Private variable for CA Certificate configuration
+//
+#define EFI_TLS_CA_CERTIFICATE_GUID \
+  { \
+    0xfd2340D0, 0x3dab, 0x4349, { 0xa6, 0xc7, 0x3b, 0x4f, 0x12, 0xb4, 0x8e, 0xae } \
+  }
+
+#define EFI_TLS_CA_CERTIFICATE_VARIABLE  L"TlsCaCertificate"
+
+extern EFI_GUID  gEfiTlsCaCertificateGuid;
+
+#endif
diff --git a/src/include/ipxe/efi/efi.h b/src/include/ipxe/efi/efi.h
index 862a38e5c..486c6070e 100644
--- a/src/include/ipxe/efi/efi.h
+++ b/src/include/ipxe/efi/efi.h
@@ -249,6 +249,7 @@ extern EFI_GUID efi_cert_x509_guid;
 extern EFI_GUID efi_file_info_id;
 extern EFI_GUID efi_file_system_info_id;
 extern EFI_GUID efi_global_variable;
+extern EFI_GUID efi_tls_ca_certificate_guid;
 
 extern EFI_HANDLE efi_image_handle;
 extern EFI_LOADED_IMAGE_PROTOCOL *efi_loaded_image;
diff --git a/src/include/ipxe/efi/import.pl b/src/include/ipxe/efi/import.pl
index 0a7669f43..346d45e5f 100755
--- a/src/include/ipxe/efi/import.pl
+++ b/src/include/ipxe/efi/import.pl
@@ -118,7 +118,8 @@ pod2usage ( 1 ) unless @ARGV == 1;
 my $edktop = shift;
 
 # Identify edk import directories
-my $edkdirs = [ "MdePkg/Include", "MdeModulePkg/Include" ];
+my $edkdirs = [ "MdePkg/Include", "MdeModulePkg/Include",
+		"NetworkPkg/Include" ];
 foreach my $edkdir ( @$edkdirs ) {
   die "Directory \"$edktop\" does not appear to contain the EFI EDK2 "
       ."(missing \"$edkdir\")\n" unless -d catdir ( $edktop, $edkdir );
diff --git a/src/interface/efi/efi_guid.c b/src/interface/efi/efi_guid.c
index ae78c068e..9d9c9ef91 100644
--- a/src/interface/efi/efi_guid.c
+++ b/src/interface/efi/efi_guid.c
@@ -87,6 +87,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 #include <ipxe/efi/Guid/FileSystemInfo.h>
 #include <ipxe/efi/Guid/GlobalVariable.h>
 #include <ipxe/efi/Guid/ImageAuthentication.h>
+#include <ipxe/efi/Guid/TlsAuthentication.h>
 
 /** @file
  *
@@ -407,6 +408,9 @@ EFI_GUID efi_file_system_info_id = EFI_FILE_SYSTEM_INFO_ID;
 /** Global variable GUID */
 EFI_GUID efi_global_variable = EFI_GLOBAL_VARIABLE;
 
+/** TLS CA certificate variable GUID */
+EFI_GUID efi_tls_ca_certificate_guid = EFI_TLS_CA_CERTIFICATE_GUID;
+
 /** HttpBootDxe module GUID */
 static EFI_GUID efi_http_boot_dxe_guid = {
 	0xecebcb00, 0xd9c8, 0x11e4,
@@ -583,6 +587,8 @@ static struct efi_well_known_guid efi_well_known_guids[] = {
 	  "Tcp6" },
 	{ &efi_tcp6_service_binding_protocol_guid,
 	  "Tcp6Sb" },
+	{ &efi_tls_ca_certificate_guid,
+	  "TlsCaCert" },
 	{ &efi_tree_protocol_guid,
 	  "TrEE" },
 	{ &efi_udp4_protocol_guid,