So, should we assume you've already considered and ruled out simply using a bootable CD?
Here are four possible approaches, from simplest to most complex:
(1) The simplest approach, though limiting, is to not use a recovery partition and instead include your image on a bootable DVD. This is less flexible than the other alternatives below because it's a bit more difficult to update your image and because there is the possibility of needing different DVDs for different machines.
(2) A more flexible alternative is to separate the image from the function of the boot CD/DVD. You could create two partitions, XP and recovery, and configure XP to not give recovery a drive letter. Then you carry around your bootable CD with your chosen imaging utility. XP users won't normally see the recovery partition, but use your bootable CD and you can back up/restore to the recovery partition whenever you want. By controlling the copies of the bootable CD, you can control who has access to restoring the system. Note the recovery partition itself is not really hidden, XP just isn't giving it a drive letter, so a smart user could bypass that and tamper with your recovery partition. (I don't know if that is a concern in your case.)
(3) Make your recovery partition bootable, as per your original inquiry above, but use a conventional boot manager.
Most of these recovery systems--including the link Ben gave you, the Dell PC-Restore system, and even the Acronis "Secure Zone" system--are nothing more than low-brow dualboot managers. They either boot one partition (XP) if no keys are pressed within a timeout period, or boot the alternate partition (recovery) if the magic keys are pressed. (One major exception is the PARTIES-BEER system IBM used on some Thinkpads, which involved an HPA.)
That means you can do the same thing with any of many regular multiboot managers that are available. Just set up your two bootable partitions, install the boot manager, and configure it to boot the main partition as the default after a short timeout period. The advantage of using a regular third-party boot manager is that you have greater control over how everything is configured. You can have it automatically hide/unhide selected partitions on the fly, adjust the timeout period, and even password-protect either boot option.
(4) The most complex solution is to write your own custom MBR. It's not an insurmountable task, but one would have to ask, "Why?" There are plenty of free boot managers around, so rolling your own is akin to reinventing the wheel. It's also less flexible than option 3, above, because the configuration options are locked into the code and not easily reconfigured. For example, it would be difficult to password-protect the recovery boot option.
Personally, I like option 3. For example, on Dell systems I sometimes strip off the Dell MBR and install the free XOSL boot manager instead. I set it to boot XP automatically after 5 seconds, but if [Esc] is pressed within 5 secs, up pops a boot menu, from which I can choose to boot the DellUtility partition, XP, or the PC-Restore partition. I have the DellUtility partition padded out with several additional DOS-based utilities, so my DellUtility partition is more versatile than the stock partition Dell provides.
You have to edit the autoexec.bat file on the DellRestore partition to tweak to taste. I typically have it automatically launch Ghost but then stop there, letting me manually operate Ghost. On some client systems, though, I have it scripted to do the whole restore operation without intervention, similar to what the major OEMs do. And if there are kids in the house, I often password-protect the recovery option so the kids can't accidentally launch it.
Dan Goodell
Inside the Dell PC-Restore Partition
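
Added example, not part of the original post: options 2 and 3 rely on a recovery partition that is only unlettered or marked hidden, and the usual MBR convention for "hidden" is the visible type byte with bit 0x10 set. The Python sketch below parses the four primary entries of an MBR sector to show that such a partition is still fully listed with its start and size; the sample sector, its layout and sizes are constructed, and the function names are hypothetical.

```python
import struct

# Conventional MBR "hidden" type bytes: the visible type with bit 0x10 set.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}
TYPE_NAMES = {0x01: "FAT12", 0x04: "FAT16 <32M", 0x06: "FAT16", 0x07: "NTFS/HPFS",
              0x0B: "FAT32", 0x0C: "FAT32 LBA", 0x0E: "FAT16 LBA", 0xDE: "Dell Utility"}

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR sector."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: missing 0x55AA signature")
    entries = []
    for slot in range(4):
        raw = sector[446 + 16 * slot: 462 + 16 * slot]
        # status, CHS start, type, CHS end, start LBA, sector count (little-endian)
        status, _, ptype, _, lba, count = struct.unpack("<B3sB3sII", raw)
        if ptype == 0x00:
            continue  # unused slot
        hidden = ptype in HIDDEN_TYPES
        base = ptype & ~0x10 if hidden else ptype
        entries.append({
            "slot": slot + 1,
            "active": status == 0x80,
            "type": ptype,
            "hidden": hidden,
            "name": TYPE_NAMES.get(base, "unknown"),
            "start_lba": lba,
            "size_mib": count * 512 // (1024 * 1024),
        })
    return entries

def build_sample_mbr():
    """Constructed sample: utility partition, active XP, hidden FAT32 recovery."""
    layout = [(0x00, 0xDE, 63, 96327),
              (0x80, 0x07, 96390, 150000000),
              (0x00, 0x1B, 150096390, 6291456)]
    table = b"".join(struct.pack("<B3sB3sII", st, b"\0" * 3, ty, b"\0" * 3, lba, n)
                     for st, ty, lba, n in layout)
    return b"\0" * 446 + table.ljust(64, b"\0") + b"\x55\xaa"

if __name__ == "__main__":
    for e in parse_mbr(build_sample_mbr()):
        flags = ("active " if e["active"] else "") + ("hidden" if e["hidden"] else "")
        print(f'{e["slot"]}: type 0x{e["type"]:02X} {e["name"]:<12} '
              f'start {e["start_lba"]:>10} {e["size_mib"]:>6} MiB {flags}')
```

Because the table is readable by anything that can read sector 0, hiding keeps the partition out of casual view only; the password on the boot option and control of the boot media are what limit who can run a restore.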