Updated Securing a MicroPython System (markdown)

Securing-a-MicroPython-System.md

@@ -44,6 +44,26 @@ After risks have been identified, then responses to these risks need to be ident
 
 
 ## Disable serial REPL access
+If you want sys.stdin/sys.stdout and no REPL, then the other option is to use a normal build config and structure your [main.py](http://main.py/) so it absolutely can't drop to the REPL.
+
+Something like this in `main.py`:
+```py
+import machine, app
+try:
+    app.main()
+finally:
+   machine.reset()
+```
+
+
+Another config that should work everywhere is `#define MICROPY_ENABLE_COMPILER 0` which will completely remove the ability for the board to compile python into bytecode; this indirectly disables repl as the repl requires the compiler to execute any entered code.
+
+The configuration for handling whether repl is connected to usb / uart is implemented with the stdin / stdout functions in `https://github.com/micropython/micropython/blob/master/ports/esp32/mphalport.c`
+
+A quick scan of that file (from latest master) looks like #define MICROPY_HW_ENABLE_UART_REPL (0) should work on the current version to disconnect stdio / repl from the uart.
+
+For more details : [Discussion](https://github.com/orgs/micropython/discussions/16353#discussioncomment-11452937) 
+
 ## Secure physical access
 Note: Securing pysical access with small devices likel MCUs is very hard. and an adigium in security is that "Physical access is the end of all security" 
 
@@ -53,3 +73,4 @@ Note: Securing pysical access with small devices likel MCUs is very hard. and an
 ## Minimise attack surface
   * Shut down peripherals and network as much as possible
 
+