I'm sure the T2 doesn't verify the OS against the network at boot time, but rather when you're installing the OS update. Once it's been installed, it's trusted.
The trivial proof here is if it did anything else, ignoring an OS update would brick your device, which is obviously not desired behavior.
> I'm sure the T2 doesn't verify the OS against the network at boot time, but rather when you're installing the OS update. Once it's been installed, it's trusted.
This is correct. Network is only needed for re-install on the high security setting. When already installed, the only verification is to ensure signatures are valid, similar to how iOS devices function (You cannot re-flash/downgrade to an older OS, but if you have an older OS installed, the device will not prevent you from booting).
The trivial proof here is if it did anything else, ignoring an OS update would brick your device, which is obviously not desired behavior.