Not that hard
- full logging with signature checks to detect tampering
- tamper evident seals / ties on boards and service ports
>hologrammed adhesive foil
- special locks on outside and for access to innards
>tubular locks
- mother boards with all non-essential ports masked or snipped off
>how about just proprietary motherboards with the ports never put on in the first place?
- proprietary screws securing components
>doesn't matter, you can create a matching driver with putty
- sensors on cabinet doors and for tilt / motion
>pinball machines have had these for 20 years.
- multi stage booting with signature tests at each stage
- audible / visible alarms
>again, look to the arcade industry
- customized OS with all non-essential services turned off
- full client / server authentication using forwards only encryption and two way authentication
- various physical features to prevent shoulder surfing, skimming etc.
>doable, but not done because it's unattractive/more expensive