> IANAL, but I don't think that can happen. It seems to me that in the above scenario, the manufacturer would be in violation of the GPLv3.
IANAL either. You're forgetting that the manufacturer and Ubuntu have a relationship. If Dell for example accidentally ships a locked down firmware and is in violation, and to be compliant they would need the signing key, they would put pretty significant pressure on Canonical to release the key.