The crypto would be straightforward, but I'm less confident we could deal with the security policy problems. Could users properly deal with a dialog like this?

"The device `Sony XBR46KBR9200Q' requires access to your system memory. <Allow> <Forbid>"

You could try to "pre-answer" these questions by having a trusted third party that "certifies" hardware to speak the PCIe protocol. That gets you into a world not unlike Apple's app store, where apps must be submitted and centrally approved by Apple. If you did this "properly" and got it to really work, then it would be effectively impossible for tinkerers to build Thunderbolt devices. Needless to say, that's not entirely desirable.