OK, here's the proposed solution for write protect of the OLPC BIOS.

Short of phishing attacks, I think it should suffice; but I'd like people here to shoot at the scheme in case I'm missing something. Regards, - Jim