Ok. So then sky's the limit to ideas (cost won't be a factor) and it's a singular system. The reason I ask this is because many of the retina/iris scanners out there require a machine to host the database of the biometric info. I went back to re-read your idea again and have some comments/questions:

1. For the biometric scanner: since this is done before the before the bootloader is done but after system check (I'm assuming it does diagnotics to see that everything is there), the database of the biometric is kept in another chip (?) and is unique to the single person using it (or is it a multi-use system). If it's a multiuse system, then there may need to be a seperate CPU/mini-HD to pull this info for each user. (keeping in mind that the biometric used can vary in size from biometric to biometric and that harddrive size is now reaching super miniscule -- about the size of a quarter IIRC Toshiba's claim last year).

2. This login process seems fine and I think it's in use in some places. Rather than fingerprints, perhaps a more "reliable" biometric should be considered or a multiple fingerprint option with live human detection.

3. Again, makes sense. Cost of CPUs, Memory, etc are low so this can be even part of the viable option. What encryption scheme/algorithm to be used between password and OS?

4. Why only terminal access (and by terminal access, do you mean text mode UI or GUI with dumb terminal?) If it's a singluar high level system and you're referring to dumb terminal access then aren't we talking about server/client setup rather than a single user machine? (just for clarification so I know what setup you're thinking of).