Source devices aren't required to output a DRM'ed signal though, are they? I think the DRM is only required on the receiver side. In that case a compliant source wouldn't need any keys, and besides, that wasn't a blocker for the previous HDMI versions which supported DRM too.

IIUC they're required to do a handshake involving encryption. Which is a form of DRM to enforce centralized control over the device ecosystem even if the subsequent video signals are not encrypted.