Radio-frequency identification (RFID) tag readers or sensors interrogate and locate RFID tags in stores, warehouses, and other environments. Unfortunately, these sensors are vulnerable to intrusions, including attacks that can expose any computer network to which the sensors are coupled. Attacks like these can be prevented using a secure booting process for distributing and loading an operating system and/or other software onto each sensor. When the sensor first boots up, it validates a pair of locally stored binary files, e.g., using a pair of locally stored digital keys. Once booted, it establishes a secure connection to a controller, then downloads, validates, and executes a binary file from the controller. Executing the binary file from the controller loads an operating system kernel into the sensor's memory for secure operation.