(aarch64) KVM Guest Fails During UEFI PEI Boot Phase

During guest VM startup on an Arm platform, the guest might fail with an exception during the UEFI PEI boot phase:

...
PEIM Loaded: Tcg2ConfigPei.efi
PEIM Loaded: Tcg2Pei.efi
Synchronous Exception at 0x56E60

The issue is a CPU-level fault triggered by Tcg2Pei.efi trying to access an unmapped TPM MMIO register during firmware initialization.

To work around the issue, switch the firmware from AAVMF_CODE.fd to AAVMF_CODE.pure-efi-notpm.fd, which excludes the TPM PEI modules. Use the matching NVRAM template AAVMF_VARS.pure-efi-notpm.fd.

Preferably set these values when creating the VM using virt-install:

virt-install \
--name vm-name \
... \
loader=/usr/share/edk2/aarch64/AAVMF_CODE.pure-efi-notpm.fd, \
loader_ro=yes, \
loader_type=pflash, \
loader_secure=no, \
nvram=/usr/share/edk2/aarch64/AAVMF_VARS.pure-efi-notpm.fd \
... \

To update an existing VM configuration, use virsh edit:

...
<os>
<type arch="aarch64" machine="virt">hvm</type>
<loader readonly="yes" type="pflash">/usr/share/edk2/aarch64/AAVMF_CODE.pure-efi-notpm.fd</loader>
<nvram template="/usr/share/edk2/aarch64/AAVMF_VARS.pure-efi-notpm.fd">/var/lib/libvirt/qemu/nvram/ol_VARS.fd</nvram>
<boot dev="hd"/>
</os>
...

Note:

This issue is specific to the EDK2/AAVMF package that's included in the Oracle Linux KVM stack.

(Bug 38642712)