Embedded　real-time　operating　systems　are　widely　used　in　communication,　industrial　control　and　weapon　intelligent　control　and　other　fields.　However,　due　to　the　complex　personnel　and　environment　involved　in　the　development　of　embedded　systems,　the　development　software　is　difficult　to　control　independently,　so　it　is　extremely　vulnerable　to　malicious　code　implantation　attacks.　Based　on　this,　this　paper　focuses　on　the　UCOS　real-time　operating　system,　analyzes　the　security　threats　faced　by　the　UCOS　development　environment　GCC　in　the　process　of　precompiling,　compiling,　assembling　and　linking,　and　designs　a　plug-in-based　GCC　attack　mode,　which　can　implement　malicious　code　implantation　attacks　on　UCOS.　.　At　the　same　time,　a　trusted　protection　framework　for　embedded　real-time　systems　is　proposed.　By　implementing　active　control　and　integrity　measurement　of　firmware,　operating　systems　and　applications　in　embedded　real-time　systems,　the　trusted　startup　of　embedded　real-time　systems　is　guaranteed　and　the　supply　chain　stage　is　independently　resisted.　malicious　code　implantation　attack.　©　2022　ACM.