We're developing a custom Thunderbolt device and want to expose it to macOS as an ethernet interface, while owning the full network stack implementation up to and including IP, TCP and UDP — bypassing the macOS network stack for those layers. Is IOEthernetController the right DriverKit approach for this, and does it allow intercepting traffic before it reaches the macOS IP stack?

We are deploying Mac mini nodes in a headless server environment. FileVault is required for security compliance, but the boot-time unlock requires physical user interaction, which is incompatible with unattended server deployments. We understand that FileVault by design requires an external actor to provide the unlock secret. What is the supported mechanism for an external trusted service to supply that secret automatically at boot — similar to BitLocker + TPM + network unlock on Windows — without requiring physical access to the machine?

Does Virtualization.framework support delegating a Thunderbolt/PCIe device to a Linux guest VM running on Apple Silicon? We're developing a custom PCIe device and would like to iterate on the driver in a Linux VM environment on the same host.

Can a Thunderbolt device dynamically expose logical child devices to macOS and control their connection and disconnection lifecycle, independently of the physical device connection?