This is debatable - the license is pretty clear about it being a requirement, but it has been patchily enforced:
> The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable [emphasis mine].
Even in the infamous TiVo case, customers of TiVo had complete access to modify the Linux kernel or any other GPL binary - the proprietary TiVo software would just refuse to run if any modification had been applied this way.
Yes, there's no requirement for the sfp to boot any specific kernel, thus no requirement
"to update the Linux kernel/etc"
If they aren't using a stock kernel with drivers already in the kernel, then clearly they have to distribute that code (which might just be a shim like with nvidea), but not boot from it -- it's not GPL3
Interestingly, I found this scholarly article [0] claiming that is actually a misunderstanding of the text of the GPLv2, and an ahistorical reading/discussion of this problem.
For example, here is a citation they have from the (then) chief lawyer of the FSF:
> TiVo is a provider of hardware and software …. Our concern with them is that they have rights as users, but they should respect the rights of the users to whom they sell. Having a personal video recorder … which won't run software if you modify the box … is not user-respecting conduct. (TiVo) complied with GPL 2 by the skin of its teeth.
On the other hand, it seems it is actually pretty hard right now to tell what exactly TiVo was preventing at the time. There are some articles, like the one you cited, that claim TiVo devices would check the signature of the kernel and other software, and refuse to run their own proprietary software. However, other articles (some cited in this paper) claim that in fact TiVo devices would not boot a modified kernel. This seems more plausible to me, given the FSF's reaction and additional langauge added to GPLv3 specifically to prevent what TiVo was doing - modifications which would prohibit the latter case but not the former (were the kernel to ever adopt GPLv3).
That article clashes with many of Richard Stallman's claims. In particular, the article claims that the Series 2 TiVos allowed the user to run any modified kernel, but disabled the TiVo proprietary software. In contrast, Stallman has many public statements claiming explicitly that the TiVo devices would fail to boot or shut down immediately if a modified kernel was detected:
> For instance, the Tivo itself is the prototype of tivoisation. The Tivo contains a small GNU/Linux operating system, thus, several programs under the GNU GPL. And, as far as I know, the Tivo company does obey GPL version 2. They provide the users with source code and the users can then modify it and compile it and then install it in the Tivo. That's where the trouble begins because the Tivo will not run modified versions, the Tivo contains hardware designed to detect that the software has been changed and shuts down. So, regardless of the details of your modification, your modified version will not run in your Tivo. [emphasis mine]
> One major danger that GPLv3 will block is tivoization. Tivoization means computers (called “appliances”) contain GPL-covered software that you can't change, because the appliance shuts down if it detects modified software. The usual motive for tivoization is that the software has features the manufacturer thinks lots of people won't like. The manufacturers of these computers take advantage of the freedom that free software provides, but they don't let you do likewise.
Linus Torvalds, from many public statements about cryptographically signed kernels, shares this same view of what the GPLv2 allows:
> And it’s important to realize that signed kernels that you can’t run in
modified form under certain circumstances is not at all a bad idea in many
cases. For example, distributions signing the kernel modules (that are
distributed under the GPL) that _they_ have compiled, and having their
kernels either refuse to load them entirely (under a “secure policy”) or
marking the resulting kernel as “Tainted” (under a “less secure” policy)
is a GOOD THING.
I wasn't around then, but I would be surprised if that description of TiVo's actions is accurate. I'm more inclined to believe the blog post from the person who "led the GPLv2 enforcement effort against TiVo" than the definition of tivoization that exists in the popular consciousness, which I expect is a political invention of the community over time. The article says "At the time, TiVo was doing the right thing in providing what the GPLv2 requires — including the ability to reinstall GNU and Linux software onto the actual device" and "TiVo never prevented such reinstallation". There is a whole section "How Discussion Focused on Cryptographic Lockdown Generally" about where the cryptographic lockdown worries came from; it was years after TiVo, during the GPLv3 drafting process. They even link to resources about how to update Linux on TiVo devices, one of them mentions breaking the "encryption" involves modifying the "tivoapp" userspace binary in a way that looks to me like disabling checking of the Linux kernel hash.
Linus is saying that signed Linux kernels are a good thing (and I concur), the situations he was describing there are for Secure Boot based systems, which are explicitly designed to allow for software freedom. IIRC this happens in a couple of ways:
1. the UEFI firmware requirements set by Microsoft require the ability to disable Secure Boot, and ISTR also require or encourage the ability to enroll secondary keys.
2. the shim firmware built by a distro and signed by Microsoft and booted by the UEFI firmware allows a physically present user to enroll secondary keys, and then all the layers beyond shim support verifying things using those keys.
Of course Microsoft controlled Secure Boot isn't the only kind of cryptographic lockdown in use today. The method used on mainstream Android phones is different and I don't know the details but I think it allows wiping the phone and then booting unsigned Linux kernel builds but I don't think it allows the MOK style setup from the PC UEFI world. The Apple M1 devices have yet another system.
And that's the major change from GPLv2 to GPLv3 - explicit prevention of scenarios like TiVo. However, Linus said he really didn't care if companies prevented users from running modified code, only that any changes companies made to the kernel were available. The Linux kernel is explicitly licensed under GPLv2 for that reason.
That is another common misconception. RMS wanted GPLv3 to prevent what TiVo did (breaking proprietary software when you exercise the GPL installation rights), but actually the changes in GPLv3 do not do that and what TiVo did is allowed by the GPLv3.
The GPLv2 does not do what Linus wants either - it doesn't require code to be publicly available (only to customers) and it doesn't require them to give code back to upstream. Linus is also against GPLv2 enforcement in general too, even if the GPLv2 installation requirements were not enforced.
> The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable [emphasis mine].
Even in the infamous TiVo case, customers of TiVo had complete access to modify the Linux kernel or any other GPL binary - the proprietary TiVo software would just refuse to run if any modification had been applied this way.