--- /dev/null
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
+/*
+ * Copyright(c) 2016-20 Intel Corporation.
+ */
+#ifndef _UAPI_ASM_X86_SGX_H
+#define _UAPI_ASM_X86_SGX_H
+
+#include <linux/types.h>
+#include <linux/ioctl.h>
+
+#define SGX_MAGIC 0xA4
+
+#define SGX_IOC_ENCLAVE_CREATE \
+       _IOW(SGX_MAGIC, 0x00, struct sgx_enclave_create)
+
+/**
+ * struct sgx_enclave_create - parameter structure for the
+ *                             %SGX_IOC_ENCLAVE_CREATE ioctl
+ * @src:       address for the SECS page data
+ */
+struct sgx_enclave_create  {
+       __u64   src;
+};
+
+#endif /* _UAPI_ASM_X86_SGX_H */
 
        return current->mm->get_unmapped_area(file, addr, len, pgoff, flags);
 }
 
+#ifdef CONFIG_COMPAT
+static long sgx_compat_ioctl(struct file *filep, unsigned int cmd,
+                             unsigned long arg)
+{
+       return sgx_ioctl(filep, cmd, arg);
+}
+#endif
+
 static const struct file_operations sgx_encl_fops = {
        .owner                  = THIS_MODULE,
        .open                   = sgx_open,
        .release                = sgx_release,
+       .unlocked_ioctl         = sgx_ioctl,
+#ifdef CONFIG_COMPAT
+       .compat_ioctl           = sgx_compat_ioctl,
+#endif
        .mmap                   = sgx_mmap,
        .get_unmapped_area      = sgx_get_unmapped_area,
 };
 
--- /dev/null
+// SPDX-License-Identifier: GPL-2.0
+/*  Copyright(c) 2016-20 Intel Corporation. */
+
+#include <asm/mman.h>
+#include <linux/mman.h>
+#include <linux/delay.h>
+#include <linux/file.h>
+#include <linux/hashtable.h>
+#include <linux/highmem.h>
+#include <linux/ratelimit.h>
+#include <linux/sched/signal.h>
+#include <linux/shmem_fs.h>
+#include <linux/slab.h>
+#include <linux/suspend.h>
+#include "driver.h"
+#include "encl.h"
+#include "encls.h"
+
+static int sgx_encl_create(struct sgx_encl *encl, struct sgx_secs *secs)
+{
+       struct sgx_epc_page *secs_epc;
+       struct sgx_pageinfo pginfo;
+       struct sgx_secinfo secinfo;
+       unsigned long encl_size;
+       long ret;
+
+       /* The extra page goes to SECS. */
+       encl_size = secs->size + PAGE_SIZE;
+
+       secs_epc = __sgx_alloc_epc_page();
+       if (IS_ERR(secs_epc))
+               return PTR_ERR(secs_epc);
+
+       encl->secs.epc_page = secs_epc;
+
+       pginfo.addr = 0;
+       pginfo.contents = (unsigned long)secs;
+       pginfo.metadata = (unsigned long)&secinfo;
+       pginfo.secs = 0;
+       memset(&secinfo, 0, sizeof(secinfo));
+
+       ret = __ecreate((void *)&pginfo, sgx_get_epc_virt_addr(secs_epc));
+       if (ret) {
+               ret = -EIO;
+               goto err_out;
+       }
+
+       if (secs->attributes & SGX_ATTR_DEBUG)
+               set_bit(SGX_ENCL_DEBUG, &encl->flags);
+
+       encl->secs.encl = encl;
+       encl->base = secs->base;
+       encl->size = secs->size;
+
+       /* Set only after completion, as encl->lock has not been taken. */
+       set_bit(SGX_ENCL_CREATED, &encl->flags);
+
+       return 0;
+
+err_out:
+       sgx_free_epc_page(encl->secs.epc_page);
+       encl->secs.epc_page = NULL;
+
+       return ret;
+}
+
+/**
+ * sgx_ioc_enclave_create() - handler for %SGX_IOC_ENCLAVE_CREATE
+ * @encl:      An enclave pointer.
+ * @arg:       The ioctl argument.
+ *
+ * Allocate kernel data structures for the enclave and invoke ECREATE.
+ *
+ * Return:
+ * - 0:                Success.
+ * - -EIO:     ECREATE failed.
+ * - -errno:   POSIX error.
+ */
+static long sgx_ioc_enclave_create(struct sgx_encl *encl, void __user *arg)
+{
+       struct sgx_enclave_create create_arg;
+       void *secs;
+       int ret;
+
+       if (test_bit(SGX_ENCL_CREATED, &encl->flags))
+               return -EINVAL;
+
+       if (copy_from_user(&create_arg, arg, sizeof(create_arg)))
+               return -EFAULT;
+
+       secs = kmalloc(PAGE_SIZE, GFP_KERNEL);
+       if (!secs)
+               return -ENOMEM;
+
+       if (copy_from_user(secs, (void __user *)create_arg.src, PAGE_SIZE))
+               ret = -EFAULT;
+       else
+               ret = sgx_encl_create(encl, secs);
+
+       kfree(secs);
+       return ret;
+}
+
+long sgx_ioctl(struct file *filep, unsigned int cmd, unsigned long arg)
+{
+       struct sgx_encl *encl = filep->private_data;
+       int ret;
+
+       if (test_and_set_bit(SGX_ENCL_IOCTL, &encl->flags))
+               return -EBUSY;
+
+       switch (cmd) {
+       case SGX_IOC_ENCLAVE_CREATE:
+               ret = sgx_ioc_enclave_create(encl, (void __user *)arg);
+               break;
+       default:
+               ret = -ENOIOCTLCMD;
+               break;
+       }
+
+       clear_bit(SGX_ENCL_IOCTL, &encl->flags);
+       return ret;
+}