Hi, users@,

I'm attempting to set up a domain with SGX EPC memory. When starting it, I get
this error:

    # virsh start astoria-test-1
    error: Failed to start domain 'astoria-test-1'
    error: internal error: process exited while connecting to monitor: libnuma: Warning:
    /sys not mounted or invalid. Assuming one node: Permission denied
    2023-11-16T14:04:26.919285Z qemu-system-x86_64: The nodes select no CPUs

When removing <memory model='sgx-epc'> node from XML, the domain starts
fine.
I've attached domain.xml for it, with the section commented. Also there are
logs from the happy and sad cases.
The libnuma error seems to stem from this place:
https://github.com/numactl/numactl/blob/fc999282e6663d6844773e6065bbee327...
This makes no sense to me, because the file is there and available:

    # sudo -u libvirt-qemu cat /sys/devices/system/node/node0/cpumap
    fff

I also don't understand why qemu says "The nodes select no CPUs"
(https://gitlab.com/qemu-project/qemu/-/blob/34a5cb6d8434303c170230644b2a7...).
DDG has failed me in all cases.
I've also tried to follow the recommendation from
https://libvirt.org/formatdomaincaps.html#sgx-capabilities:

    For more details on the SGX feature, please follow resources in the SGX
    developer's document store.

...and the only thing that I've found relevant to libvirt was this document:
https://www.intel.com/content/www/us/en/developer/articles/technical/virt...
which suggests playing with <qemu:commandline> instead.
host: Debian 12, libvirt 9.0.0, QEMU 7.2, virtinst 4.1 (see dpkg-l attachment)
guest: Ubuntu 22.04 (jammy) cloud image
The domain in question was defined using virt-install with cloud-init, then
I was editing XML with `virsh edit`.
Relevant snippet from `virsh domcapabilities`:

    <sgx supported='yes'>
      <flc>yes</flc>
      <sgx1>yes</sgx1>
      <sgx2>no</sgx2>
      <section_size unit='KiB'>95744</section_size>
      <sections>
        <section node='0' size='95744' unit='KiB'/>
      </sections>
    </sgx>

System-wide logs do not contain anything relevant. I'm happy to provide
additional info if needed.
Can anyone point me to a solution?

--
pozdrawiam / best regards
Wojtek Porczyk
Gramine / Invisible Things Lab
I do not fear computers,
I fear lack of them.
-- Isaac Asimov