I want to ensure my product is only run on genuine GNU/Linux copies.
Every genuine GNU/Linux copy has a Certificate of Authenticity on a computer, like this one.
Where is product key from it stored? How do I check if it is valid, revoked or never existed?
If you look at the link in the image, it explains that this is a scam: https://notabug.org/GLATs/howtotell
Any open source copy of Linux (including any official Arch Linux distribution) is genuine because the open source license grants freedom of usage without needing anything like license activation. They don't have activation files or license keys, just files with open source license information.
If you're concerned about licensing for a specific Linux I'd recommend reading its license file. Either way I doubt you'd ever have to check license keys for a Linux, unless it's proprietary like Red Hat Enterprise Linux.
