From af322bed7efae423f9b9d91ff8badec7c8eed672 Mon Sep 17 00:00:00 2001
From: Jos Verlinde <Jos.Verlinde@Microsoft.com>
Date: Tue, 18 Feb 2025 11:24:06 +0100
Subject: [PATCH] Add info and link on Frozen code

---
 Securing-a-MicroPython-System.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/Securing-a-MicroPython-System.md b/Securing-a-MicroPython-System.md
index 522ab07..78c3b55 100644
--- a/Securing-a-MicroPython-System.md
+++ b/Securing-a-MicroPython-System.md
@@ -31,8 +31,23 @@ After risks have been identified, then responses to these risks need to be ident
 
 # Security controls that can be applied to MicroPython 
 ## Frozen code
+
+
 > Category: Reduces (not eliminate) the likelihood of someone tampering with your code 
 
+MicroPython has a feature that allows Python code to be “frozen” into the firmware, as an alternative to loading code from the filesystem.
+
+This has the following benefits:
+
+ - the code is pre-compiled to bytecode, avoiding the need for the Python source to be compiled at load-time.
+- the bytecode can be executed directly from ROM (i.e. flash memory) rather than being copied into RAM. Similarly any constant objects (strings, tuples, etc) are loaded from ROM also. This can lead to significantly more memory being available for your application.
+ - on devices that do not have a filesystem, this is the only way to load Python code.
+
+See : [MicroPython Manifest files](https://docs.micropython.org/en/latest/reference/manifest.html)
+Note that while frozen code is compiled to bytecode or even native code, this does not mean that your code cannot be read. While it may be more difficult to read, that will not stop a motivated person from reading and reverse enginering your code.
+
+ 
+
 ## Disabling the WebREPL
 > Category: Eliminate any access via WebREPL
   * `#define MICROPY_PY_WEBREPL 0`