diff --git a/pkg/driver/aws-efs/aws_efs.go b/pkg/driver/aws-efs/aws_efs.go
index a476ec2e4..20fbaeaed 100644
--- a/pkg/driver/aws-efs/aws_efs.go
+++ b/pkg/driver/aws-efs/aws_efs.go
@@ -105,7 +105,7 @@ func GetAWSEFSOperatorControllerConfig(ctx context.Context, flavour generator.Cl
 	cfg := operator.NewDefaultOperatorControllerConfig(flavour, c, "AWSEFS")
 	cfg.AddDeploymentHookBuilders(c, withCABundleDeploymentHook, withFIPSDeploymentHook, withCustomTags)
 	cfg.DeploymentWatchedSecretNames = append(cfg.DeploymentWatchedSecretNames, cloudCredSecretName, metricsCertSecretName)
-	cfg.AddDaemonSetHookBuilders(c, withFIPSDaemonSetHook, withVolumeMetricsDaemonSetHook)
+	cfg.AddDaemonSetHookBuilders(c, withCABundleDaemonSetHook, withFIPSDaemonSetHook, withVolumeMetricsDaemonSetHook)
 	cfg.AddCredentialsRequestHook(stsCredentialsRequestHook)
 
 	accessPointsTagController := NewEFSAccessPointTagsController(cfg.GetControllerName("EFSAccessPointTagsController"), c, c.EventRecorder)
@@ -116,6 +116,19 @@ func GetAWSEFSOperatorControllerConfig(ctx context.Context, flavour generator.Cl
 	return cfg, nil
 }
 
+// withCABundleDaemonSetHook projects custom CA bundle ConfigMap into the CSI driver container
+func withCABundleDaemonSetHook(c *clients.Clients) (csidrivernodeservicecontroller.DaemonSetHookFunc, []factory.Informer) {
+	hook := csidrivernodeservicecontroller.WithCABundleDaemonSetHook(
+		c.GuestNamespace,
+		trustedCAConfigMap,
+		c.GetConfigMapInformer(c.GuestNamespace),
+	)
+	informers := []factory.Informer{
+		c.GetConfigMapInformer(c.GuestNamespace).Informer(),
+	}
+	return hook, informers
+}
+
 // withCABundleDeploymentHook projects custom CA bundle ConfigMap into the CSI driver container
 func withCABundleDeploymentHook(c *clients.Clients) (dc.DeploymentHookFunc, []factory.Informer) {
 	hook := csidrivercontrollerservicecontroller.WithCABundleDeploymentHook(