secure: update dongle handling:

- decrement hoursleft on each boot to prevent running very short Prime
  sessions that don't update the dongle; this allows removing of
  dongle_dtime (the last time the dongle was updated)

- only uses 1 dongle location (for hoursleft)

- maintain a checksum on dongle values to detect tampering

- encrypt hoursleft and the dongle checksum

- write random values in all other dongle locations

- validate dongle by asking it to encrypt random values; this requires
  that a copy of the dongle key is stored in the executable

- don't fail immediately: just set a status and keep going

- caller sets bad Prime keys and hands us the correct keys; we reset
  Prime keys before returning.  This makes it harder to bypass
  security by not calling it at all.

emdev.h

@@ -1426,6 +1426,7 @@ int devcp (int class, int func, int device) {
 
   struct timeval tv;
   unsigned int elapsedms,targetticks;
+  unsigned short realkeys;
   int i;
 
 #define SETCLKPOLL devpoll[device] = gvp->instpermsec*(-clkpic*clkrate)/1000;
@@ -1625,8 +1626,12 @@ int devcp (int class, int func, int device) {
 
 #define IPMTIME 5000
 
+	realkeys = getcrs16(KEYS);
 	if ((gvp->instcount < previnstcount) || (gvp->instcount-previnstcount > gvp->instpermsec*IPMTIME)) {
 	  if (gvp->instcount-previnstcount > gvp->instpermsec*IPMTIME) {
+#ifndef DEMO
+	    putcrs16(KEYS, 0xFFFF);                /* install bad keys */
+#endif
 	    i = (gvp->instcount-previnstcount) /
 	      ((tv.tv_sec-prev_tv.tv_sec)*1000.0 + (tv.tv_usec-prev_tv.tv_usec)/1000.0);
 	    if (i > 0) {
@@ -1639,7 +1644,7 @@ int devcp (int class, int func, int device) {
 
 	    /* call the security check code */
 
-	    secure(tv);
+	    secure(tv, realkeys);
 	  }
 	  previnstcount = gvp->instcount;
 	  prev_tv = tv;