From c56e85ace1405327ce302e65e0fbeb15c44b7c1f Mon Sep 17 00:00:00 2001
From: johntalton <johntalton@gmail.com>
Date: Tue, 9 Jul 2024 13:45:06 -0400
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/README.md b/README.md
index 00e3a87..fd01931 100644
--- a/README.md
+++ b/README.md
@@ -16,6 +16,8 @@ Standard [Adafruit](https://www.adafruit.com/product/4471) link.
   - [Node-HID](#node-hid)
 - [I²C](#direct-api) (raw)
 - [`I2CBus`](#i2cbus-abstraction-recommended)
+- [Security](#security)
+
 
 ![i2c scan](https://raw.githubusercontent.com/johntalton/mcp2221/326-is-it-possible-to-use-this-in-nodejs/examples/mcp2221-scan.png)
 
@@ -168,3 +170,17 @@ const [ one, two, three ] = u8
 
 
 ```
+
+# Security
+
+While the chips SRAM settings (gpio etc) can be changed at will, these settings must explicit be save into FLASH.
+
+Under normal conditions the chip's Security setting is "Unlocked".  This allows for writing to the FLASH without restriction.
+
+However, if set to "Password Protected", the chip will enforce the sending of the password (once per "session") prior to FLASH writes.
+
+Failure to set the password during a "session" will prevent further password attempts until the "session" is over.
+
+Note:  Assumption about string padding (space vs null), justification and encoding (ut-8 etc) effect password byte representation.  It is "wise" to use the same software to get AND set the password.
+
+![password failure](https://raw.githubusercontent.com/johntalton/mcp2221/326-is-it-possible-to-use-this-in-nodejs/examples/mcp2221-no-password-error.png)
\ No newline at end of file