This is discussion based on experience and reading comprehension, not legal advice.
Hal Martin wrote:
As coreboot is GPL licensed software, I wanted to inform the coreboot community that I believe Cisco Meraki are not acting in good faith and are, in my opinion, violating the GPL by not providing the coreboot source code upon request.
Thanks for the heads up, but this is primarily actionable by yourself.
Whether in good faith or not (noone can know and it doesn't really matter) your supplier should of course comply with the GPL and provide you with the source code that you have a right to receive.
Remember that you may be the only one who has received a specific binary (we can't really know) and therefore you may also be the only one who has the right to receive corresponding source code.
Others - including the coreboot project and/or the Software Conservancy - don't per se have the particular right to receive source code that you have, that would only be the case if they've also received the same binary.
The coreboot project uses GPL so that at least someone (you!) has a right to receive source code.
Once you've received it you can also choose to contribute it into coreboot, because GPL applies.
(Whoever may own the copyright matters little as long as GPL applies.)
See also gpl-violations.org, an organization that could successfully achieve GPL compliance (this is the goal, not public shaming) in a number of high profile cases over the course of several years: