Note that checking anything in userspace on a compromised machine does not actually prove that the machine is not compromised. It is very easy to boot insecurely and then make everything lie that the boot was secure.

Recovery exists in a separate partition protected by SIP; it's set up this way to so that 99.99% of scenarios require a local, physical attack. "recoveryOS" is also bound to the specific APFS volume of the device. There's more to it than that, but you can be reasonably sure that recoveryOS isn't lying to you.

Sure, you can make an argument someone gave you a special device with a fake OS... but anyone willing to do that has much more simple ways to fuck with you.