Brief background - my name is Matthew Garrett. I'm a Linux kernel developer working for Red Hat. I bought an original Nook back in 2009 and was responsible for getting Barnes and Noble to release the full kernel source code. When the Nook Color was released I did the same. I've been active in enforcement of the GPL and have a keen interest in helping (or making) companies comply with their obigaitons.
Having said that.
One of the significant differences between GPLv2 and GPLv3 is that GPLv3 makes explicit the requirement that signing keys be shipped. It has been argued that the GPLv2 implicitly requires the same, in the form of the requirement for the scripts required for installation. I'm sympathetic to that claim, and I will not personally distribute any code that requires a private signing key. But I'm not a lawyer and I'm certainly not a judge. Many people who are active in GPL enforcement will agree that vendors should provide the signing keys - but I don't think you'll find any who will actually make that the basis of a case.
B&N are not the only company to require signed kernel images. Many Android devices have locked bootloaders. I think this is a despicable anti-consumer design choice, but nobody's taking action against it. B&N have provided you with the kernel source code. They've done better than many by also providing you with the configuration file. They have a strong argument that by doing so they've complied with the requirements of GPLv2, and while you (and I) may disagree, that's almost certainly going to be as much as they'll be required to do. Consensus at the moment is that they don't need to do any more.
If it went to court then you may end up finding a judge who would rule that they're in violation, but I wouldn't put money on it. I think it's far too extreme to claim that they're actively violating.
Given the relative path, I'm betting that this is an error rather than malicious - they simply didn't tar it up with the other files. It should be fixed, but the fact that it isn't is not a showstopper.
Maybe I'm misunderstanding the complexity of the situation though.
This struck a cord with me.
I own an iPhone, and an Acer Iconia tablet, both of which are locked down. I've jail-broken, or rooted the devices, but the fact that I can't legitimately install custom roms, etc, frustrates the hell out of me.
One advantage I see (but don't agree with) for the iPhone being locked down is users locked into the app store, but for the Iconia?