Tivo going after hacked kernels?


millercentral
05-28-2005, 10:07 PM
This may be nothing, but on my slice-upgraded 6.2 system, I noticed a file in /var/packages called .jpminstall whose job it is to execute a kernel update script from /var/utils. Looking in /var/utils, I noticed there are scripts to validate the current kernel against signatures (checkkernel.tcl) and the kernel update routine (updatekernel) called from .jpminstall.

Now it's very likely these are just left over from the slices upgrade (the datestamps are not recent); however, it would be a trivial matter for Tivo to execute this during a service call if they chose to (I've chosen to rename them, just in case). For those wondering why it's not recommended to allow a hacked tivo to call home, this should be reason enough...

psxboy
05-29-2005, 05:58 PM
The jpm utilities are part of a normal software upgrade. One of the functions of the script is to verify the kernel's signature before installing it during the upgrade. Normally, the packages directory is cleared out after the stuff that's saved there has done its job. So, you're probably just seeing some leftover cruft from your manual upgrade.

On the other hand, Tivo's had the ability to run scripts, etc. on your box via "runme" scripts that are downloaded during the daily call. So far, I've only ever seen runme scripts that check the /var partition for excessive usage, one for checking for missing series thumbs, and one that collects commerce info. The fact that they haven't done anything more nefarious with the runme scripts would suggest that they just aren't that interested in actively locking people out of their boxes once they're in.

Just my 2 cents...

-psxboy