Oh, I see. You are referring to the code development toolset used to develop, test and debug your code. I have confidence in my toolset provider.And what if one wishes write their own code? How is one to test their code if only code "already in the system" is allowed to be executed?
If that were an issue, I have written my own editors, assemblers and ide in the past. So that isn't such a concern.
If you want to go that far, all modern MCU have embedded code already in the system. What reasons do you have to suspect that that has already been compromised?