An attacker who has physical access to your machine can pull the disk and put his own kernel on it that will perform his own nefarious tasks. But if you made use of the TC module then I believe you can prevent him from being able to do this -- the system will simply refuse to load his modified kernel.
The attacker can then copy all data, install keyloggers, trojans, backdoors and whatnot, so you are SOL anyway.
That's not correct; at least, not with this hardware. If the data is protected by TPM (e.g., encrypted with a TPM-controlled key) he could copy it but not read it, and if the OS' TPM protection was enabled (e.g., only able to run binaries signed with a TPM-controlled key) then he wouldn't be able to install that software in a way that it actually ran.
The scenario was a signed kernel. But you show a great example of another reason why TC is evil: users cannot install local software, since local software is not signed, it cannot be run. If a user can insert an unsigned program that is run, they can insert trojans, keyloggers and whatnot.
The best an attacker would be able to do would be to swap out the hardware of yours with something he had control of; but even then, the TPM in the new hardware (if it even existed) wouldn't be able to access your data since the encryption keys in the hardware would be different - you'd basically have to retrieve the keys out of the TPM chip via scanning electron microscopes or some such.
In many ways, a TPM chip isn't that much different to the FSFE membership card - you can have encryption keys in the hardware which are pretty tough to extract, and if the user has control over those, there are a lot of security features you can turn on. The fact that it's inbuilt into the hardware makes it tough to tamper with.
I find the GPG card (or whatever it is called) quite different from TC, it doesn't prohibit you from running things. And this is the sole, and _only_ goal of TC, to control who can run what, via hardware so that others cannot decide what they will do.