In a "propperly implemented" TPM, the TPM itself would make the hash check
of the executable code in memory, so passing the wrong hash wouldn't
However, with physical access to the computer, you can simply switch out
the motherboard (and possibly other hardware), and thus bypassing the TPM
module completely. Ofcourse, to do so you must replace hardware, which
costs money, and you will probably have to replace the kernel as well, but
you was going to do that anyway. So all this does is brick the *hardware*
if you try to use other software, and makes stealing or modifying your data
slightly more expensive.
But honestly, I'm way more affraid of the rich bad guy than the poor one...