It's crucial to distinguish between the security requirements and the infrastructure, UI, and deployment requirements of OLPC's 'hard' software theft-deterrence scheme. Here's my take on the former:
- initial activation
- Laptops must be "initially" lockable such that they require a token in order to boot.
- Laptops must be capable of recording the passage of time at a scale at least as fine as the passage of a day.
- The laptop must be able to respond to the expiration or absence of a satisfactory lease. Developer keys + user interaction are sufficient to disable this check.
- passive-kill responses
- Among other possible responses to lease expiration, the laptop must be able to refuse to boot until a satisfactory lease is supplied or the passive-kill mechanism is disabled.
- active-kill responses
- The laptop must be able to respond to a verifiable valid poison message by locking itself so that hardware modification or a verifiable valid antidote message is necessary to boot the laptop.
- NB: The definition of 'antidote message' is presently hazy. As of today, developer keys are sufficient; however, there are alternative designs.