diff --git a/p11-kit/mingw-w64/0001-Build-and-install-libnssckbi-p11-kit.so.patch b/p11-kit/mingw-w64/0001-Build-and-install-libnssckbi-p11-kit.so.patch
new file mode 100644
index 00000000..62d3b1c7
--- /dev/null
+++ b/p11-kit/mingw-w64/0001-Build-and-install-libnssckbi-p11-kit.so.patch
@@ -0,0 +1,76 @@
+From ec8bb05e15640b1857b94ded128bc33ca7ec7fe0 Mon Sep 17 00:00:00 2001
+Message-Id: <ec8bb05e15640b1857b94ded128bc33ca7ec7fe0.1519917784.git.jan.steffens@gmail.com>
+From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
+Date: Thu, 1 Mar 2018 16:20:59 +0100
+Subject: [PATCH] Build and install libnssckbi-p11-kit.so
+
+Create an additional library which is a copy of p11-kit-trust.so but
+uses the same label for root certs as libnssckbi.so:
+  "Builtin Object Token" instead of "Default Trust".
+
+https://bugs.freedesktop.org/show_bug.cgi?id=66161
+---
+ trust/Makefile.am | 14 ++++++++++++++
+ trust/module.c    | 12 +++++++++++-
+ 2 files changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/trust/Makefile.am b/trust/Makefile.am
+index 6e52c4d..157a1d9 100644
+--- a/trust/Makefile.am
++++ b/trust/Makefile.am
+@@ -66,6 +66,20 @@ p11_kit_trust_la_LDFLAGS = \
+ 
+ p11_kit_trust_la_SOURCES = $(TRUST_SRCS)
+ 
++libnssckbi_compatdir = $(libdir)
++libnssckbi_compat_LTLIBRARIES = \
++	libnssckbi-p11-kit.la
++
++libnssckbi_p11_kit_la_CFLAGS = \
++	-DLIBNSSCKBI_COMPAT \
++	$(p11_kit_trust_la_CFLAGS)
++
++libnssckbi_p11_kit_la_LIBADD = $(p11_kit_trust_la_LIBADD)
++
++libnssckbi_p11_kit_la_LDFLAGS = $(p11_kit_trust_la_LDFLAGS)
++
++libnssckbi_p11_kit_la_SOURCES = $(p11_kit_trust_la_SOURCES)
++
+ libtrust_testable_la_LDFLAGS = \
+ 	-no-undefined
+ 
+diff --git a/trust/module.c b/trust/module.c
+index e8b7256..d578a90 100644
+--- a/trust/module.c
++++ b/trust/module.c
+@@ -201,7 +201,11 @@ create_tokens_inlock (p11_array *tokens,
+ 		int flags;
+ 	} labels[] = {
+ 		{ "~/", "User Trust", P11_TOKEN_FLAG_NONE },
++#ifdef LIBNSSCKBI_COMPAT
++		{ P11_DEFAULT_TRUST_PREFIX, "Builtin Object Token", P11_TOKEN_FLAG_WRITE_PROTECTED },
++#else
+ 		{ P11_DEFAULT_TRUST_PREFIX, "Default Trust", P11_TOKEN_FLAG_WRITE_PROTECTED },
++#endif
+ 		{ P11_SYSTEM_TRUST_PREFIX, "System Trust", P11_TOKEN_FLAG_NONE },
+ 		{ NULL },
+ 	};
+@@ -529,8 +533,14 @@ sys_C_GetSlotInfo (CK_SLOT_ID id,
+ 		info->flags = CKF_TOKEN_PRESENT;
+ 		strncpy ((char*)info->manufacturerID, MANUFACTURER_ID, 32);
+ 
++#ifdef LIBNSSCKBI_COMPAT
++		/* Change description to match libnssckbi so HPKP works in Chromium */
++		if (strcmp (p11_token_get_label (token), "Builtin Object Token") == 0)
++			path = "NSS Builtin Objects";
++		else
++#endif
++			path = p11_token_get_path (token);
+ 		/* If too long, copy the first 64 characters into buffer */
+-		path = p11_token_get_path (token);
+ 		length = strlen (path);
+ 		if (length > sizeof (info->slotDescription))
+ 			length = sizeof (info->slotDescription);
+-- 
+2.16.1
+
diff --git a/p11-kit/mingw-w64/PKGBUILD b/p11-kit/mingw-w64/PKGBUILD
new file mode 100644
index 00000000..15d58c2a
--- /dev/null
+++ b/p11-kit/mingw-w64/PKGBUILD
@@ -0,0 +1,62 @@
+# Maintainer: pingplug < aur at pingplug dot me >
+# Contributor: xantares < xantares09 at hotmail dot com >
+
+_commit=b0ebe7555c291808db29377ba79cb8326301f0a6  # 0.23.18.1
+_architectures="i686-w64-mingw32 x86_64-w64-mingw32"
+
+pkgname=mingw-w64-p11-kit
+pkgver=0.23.18.1
+pkgrel=1
+pkgdesc="Provides a way to load and enumerate PKCS#11 modules (mingw-w64)"
+arch=('any')
+url="https://p11-glue.freedesktop.org"
+license=('BSD')
+depends=('mingw-w64-crt'
+         'mingw-w64-libtasn1'
+         'mingw-w64-libffi')
+makedepends=('mingw-w64-configure'
+             'git')
+options=('!strip' 'staticlibs' '!buildflags')
+source=("git+https://github.com/p11-glue/p11-kit?#commit=${_commit}"
+        "0001-Build-and-install-libnssckbi-p11-kit.so.patch")
+sha256sums=('SKIP'
+            '0736f74cec5ca49d91afa47cd84f9ac0404947bf0064358e22c3e53b69e82798')
+
+pkgver() {
+  cd "${srcdir}/p11-kit"
+  git describe --tags | sed 's/-/+/g'
+}
+
+prepare() {
+  cd "${srcdir}"/p11-kit
+  # Build and install an additional library (libnssckbi-p11-kit.so) which
+  # is a copy of p11-kit-trust.so but uses the same label for root certs as
+  # libnssckbi.so ("Builtin Object Token" instead of "Default Trust")
+  # https://bugs.freedesktop.org/show_bug.cgi?id=66161
+  patch -Np1 -i ../0001-Build-and-install-libnssckbi-p11-kit.so.patch
+  NOCONFIGURE=1 ./autogen.sh
+}
+
+build() {
+  cd "${srcdir}"/p11-kit
+  for _arch in ${_architectures}; do
+    mkdir -p build-${_arch} && pushd build-${_arch}
+    ${_arch}-configure --disable-static --disable-silent-rules --disable-trust-module
+    make
+    popd
+  done
+}
+
+package() {
+  for _arch in ${_architectures}; do
+    cd "${srcdir}"/p11-kit/build-${_arch}
+    make install DESTDIR="${pkgdir}"
+    rm "${pkgdir}"/usr/${_arch}/bin/*.exe
+    rm -r "${pkgdir}"/usr/${_arch}/libexec
+    rm -r "${pkgdir}"/usr/${_arch}/etc
+    ${_arch}-strip --strip-unneeded "${pkgdir}"/usr/${_arch}/bin/*.dll
+    ${_arch}-strip -g "${pkgdir}"/usr/${_arch}/lib/*.a
+  done
+}
+
+# vim:set ts=2 sw=2 et: