This bit sounded like mistaken reasoning to me. The GPLv3 never requires distribution of private keys; that is just a bad meme that keeps going around. If the manufacturer pre-loads a machine, then they are the ones distributing the software, just like other software where the manufacturer gets a license to distribute from the OS vendor. If, by some mistake, they don't provide a way to load user-customized software, by breaking key installs or preventing secure boot from being disabled, then they are in violation of their distribution license.
In this hypothetical case I think it would make sense for the manufacturer to RMA or refund the bad equipment. I think the talk about disclosing private keys is ludicrous.