I am doing some testing on the iMac Pro SecureBoot, and did some network traces:
Normal Boot (kernel booting starts at packet 10):
Notes: It doesn’t look like there are any certificate (OCSP or CRL) verification checks done.
Boot to recovery partition:
Notes: No obvious certificate validation. Checks to albert.apple.com and 2 hosts at domain symcb.com (which appears to be Symantec).
Boot to Boot Picker screen:
Notes: Not a log of activity and no DNS lookups, but lots of DHCP request that could be looking for a NetBoot Server.
In recovery partition, select startup disk and click the restart button:
Notes: This appears to be where the certificate validation list is updated. Requests to an OCSP and CRL servers. Also, requests to e6858.dsce9.akamaiedge.net.