File systems have long benefited from hardware acceleration to improve their performance. In order to leverage such hardware capabilities, file systems rely on direct and trusted support from the underlying operating system. However, this assumes that the OS and the associated kernel drivers, which access the accelerators, are trustworthy. The recent introduction of the Intel software guard extensions (SGX) instruction set allows application developers to lift part of these assumptions, in conjunction with the widespread availability of these new extensions in mass-market CPUs. With SGX, programmers can design secure applications under a stronger adversarial model, such as a compromised OS or kernel module. Code executes inside enclaves and is protected from privileged processes, including the OS itself. This paper presents SGX-FS, a new user-space file system that leverages SGX data sealing capabilities for secure in-memory and persistent storage. It combines the FUSE framework with SGX to securely protect user data. In particular, SGX-FS efficiently encrypts and decrypts the application data within the enclaves. We fully implement an open-source SGX-FS prototype and evaluate its performance by means of a representative set of nano-and micro-benchmarks.