Isn't the OS untampered so long as booting into rescue mode > startup security shows it to be in sealed/verified mode?

Not sure, maybe there are other ways to achieve that (instinctively, I think the attack surface is much larger in your solution as it relies on the correctness of recoveryOS, not just bootrom/iBoot), but DFU would be easiest/safest/fastest and less error-prone for me. My ritual is to just plug in another Mac running Apple Configurator to my newly arrived iOS/macOS device and restore the OS image (actually faster than using a USB disk to install macOS). I think your approach may validate the system disk, but not whether configuration in data partition is loading a separate key logger binary on boot.