Yes, there's no requirement for the sfp to boot any specific kernel, thus no requirement
"to update the Linux kernel/etc"
If they aren't using a stock kernel with drivers already in the kernel, then clearly they have to distribute that code (which might just be a shim like with nvidea), but not boot from it -- it's not GPL3
Interestingly, I found this scholarly article [0] claiming that is actually a misunderstanding of the text of the GPLv2, and an ahistorical reading/discussion of this problem.
For example, here is a citation they have from the (then) chief lawyer of the FSF:
> TiVo is a provider of hardware and software …. Our concern with them is that they have rights as users, but they should respect the rights of the users to whom they sell. Having a personal video recorder … which won't run software if you modify the box … is not user-respecting conduct. (TiVo) complied with GPL 2 by the skin of its teeth.
On the other hand, it seems it is actually pretty hard right now to tell what exactly TiVo was preventing at the time. There are some articles, like the one you cited, that claim TiVo devices would check the signature of the kernel and other software, and refuse to run their own proprietary software. However, other articles (some cited in this paper) claim that in fact TiVo devices would not boot a modified kernel. This seems more plausible to me, given the FSF's reaction and additional langauge added to GPLv3 specifically to prevent what TiVo was doing - modifications which would prohibit the latter case but not the former (were the kernel to ever adopt GPLv3).
That article clashes with many of Richard Stallman's claims. In particular, the article claims that the Series 2 TiVos allowed the user to run any modified kernel, but disabled the TiVo proprietary software. In contrast, Stallman has many public statements claiming explicitly that the TiVo devices would fail to boot or shut down immediately if a modified kernel was detected:
> For instance, the Tivo itself is the prototype of tivoisation. The Tivo contains a small GNU/Linux operating system, thus, several programs under the GNU GPL. And, as far as I know, the Tivo company does obey GPL version 2. They provide the users with source code and the users can then modify it and compile it and then install it in the Tivo. That's where the trouble begins because the Tivo will not run modified versions, the Tivo contains hardware designed to detect that the software has been changed and shuts down. So, regardless of the details of your modification, your modified version will not run in your Tivo. [emphasis mine]
> One major danger that GPLv3 will block is tivoization. Tivoization means computers (called “appliances”) contain GPL-covered software that you can't change, because the appliance shuts down if it detects modified software. The usual motive for tivoization is that the software has features the manufacturer thinks lots of people won't like. The manufacturers of these computers take advantage of the freedom that free software provides, but they don't let you do likewise.
Linus Torvalds, from many public statements about cryptographically signed kernels, shares this same view of what the GPLv2 allows:
> And it’s important to realize that signed kernels that you can’t run in
modified form under certain circumstances is not at all a bad idea in many
cases. For example, distributions signing the kernel modules (that are
distributed under the GPL) that _they_ have compiled, and having their
kernels either refuse to load them entirely (under a “secure policy”) or
marking the resulting kernel as “Tainted” (under a “less secure” policy)
is a GOOD THING.
I wasn't around then, but I would be surprised if that description of TiVo's actions is accurate. I'm more inclined to believe the blog post from the person who "led the GPLv2 enforcement effort against TiVo" than the definition of tivoization that exists in the popular consciousness, which I expect is a political invention of the community over time. The article says "At the time, TiVo was doing the right thing in providing what the GPLv2 requires — including the ability to reinstall GNU and Linux software onto the actual device" and "TiVo never prevented such reinstallation". There is a whole section "How Discussion Focused on Cryptographic Lockdown Generally" about where the cryptographic lockdown worries came from; it was years after TiVo, during the GPLv3 drafting process. They even link to resources about how to update Linux on TiVo devices, one of them mentions breaking the "encryption" involves modifying the "tivoapp" userspace binary in a way that looks to me like disabling checking of the Linux kernel hash.
Linus is saying that signed Linux kernels are a good thing (and I concur), the situations he was describing there are for Secure Boot based systems, which are explicitly designed to allow for software freedom. IIRC this happens in a couple of ways:
1. the UEFI firmware requirements set by Microsoft require the ability to disable Secure Boot, and ISTR also require or encourage the ability to enroll secondary keys.
2. the shim firmware built by a distro and signed by Microsoft and booted by the UEFI firmware allows a physically present user to enroll secondary keys, and then all the layers beyond shim support verifying things using those keys.
Of course Microsoft controlled Secure Boot isn't the only kind of cryptographic lockdown in use today. The method used on mainstream Android phones is different and I don't know the details but I think it allows wiping the phone and then booting unsigned Linux kernel builds but I don't think it allows the MOK style setup from the PC UEFI world. The Apple M1 devices have yet another system.
"to update the Linux kernel/etc"
If they aren't using a stock kernel with drivers already in the kernel, then clearly they have to distribute that code (which might just be a shim like with nvidea), but not boot from it -- it's not GPL3