The few SINIT modules I've seen have a small real-mode loader part at the entry which parses and jumps into a plain PE file embedded at the end of the module. So, if you don't need to debug the loader, you can extract the PE and then use one of the DOS extenders which support PE files (e.g. HX-DOS, WDOSX) to load and debug it from DOS. Note, however, that the private TXT registers won't be accessible once the module has run and issued the CLOSE-PRIVATE command.
BTW, the 0xFED40000 range seems to belong to Intel's internal TPM (iTPM). See tpm_tis
driver in Linux. So you could instead intercept these accesses (with a signal/exception handler) and redirect them to an actual TPM.