Have a look at pam-duress, this may be a nice addition to the wmf-laptop packages. A simple implementation could just send some type of alert to wmf staff indicating that a user has had to unlock there laptop and credentials have been potentially compromised.
There are of course many issues with pam-duress i.e. any alerting would need some type of connectivity, any alteration preformed could be in breach of various state laws. further even sending a email could have undesired side affects depending on the actor exerting the duress. Either way would be good to have a small play and see what we could do