
I think the point of this feature (TPM? at least as I've seen it implemented on laptops) is that you can have a signed bootloader and an encrypted drive such that you don't need a passphrase to boot the OS (the TPM has it, or equivalent); your TPM verifies you are booting a trusted OS (meaning it will actually authenticate users in the usual way and check their authorization before granting them access to data)

... and nobody who just picks up your laptop can either read your files without your password, or remove the drive and gain access to your files without the TPM.

Whether that chain all works as I imagine or not, I can't say, and I haven't investigated enough to be able to say. I don't know if all it takes to gain access to the TPM in reality is physical access to the machine, a USB stick with EFI booting, and any signed OS that will verify you are a root user authorized by that USB stick, which anyone who has $99 can get on their own, or can just download as Ubuntu or RedHat.

That would be a pretty big let-down if that was really all you needed, though.

The threat is that they could do a cold-RAM attack and read the key off the RAM. That does require a bit more physical access than just turning it on.

The other big threat is that TPMs are probably cheaply built, and anyone with decent hardware skills can probably pop the key out of the TPM. I haven't seen the TPMs in laptops boasting anything like FIPS 140-2 Level 4 validation or any real tamper-proof abilities.

But for common users, TPM+BitLocker transparently deals with the issue of "left laptop in taxi". Microsoft, AFAIK, allows TPM+BitLocker in lieu of a smartcard for remote access.

The TPM doesn't verify that you're booting a trusted OS as such. Each component of the boot process is hashed and that hash is copied into the TPM, and the secret is encrypted in a blob that includes the expected hash values. If the hash values differ, the TPM will refuse to decrypt the secret. So booting a different signed OS won't give you the secret - even though you're a trusted OS, the TPM hashes will be different and the secret will remain encrypted.
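The measure-and-seal mechanism this comment describes, as an added simulation that is not code from the thread or from any TPM stack: the PCR extend rule is the real one, while the SRK, the wrapping cipher and the boot chain contents are constructed stand-ins.

```python
# Toy model of measured boot and PCR-bound sealing (constructed simulation, not a TPM API).
import hashlib
import hmac
import os

def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    # TPM extend rule: PCR_new = H(PCR_old || H(component)). PCRs can only be
    # extended, so the final value depends on every measurement and its order.
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(components: list) -> bytes:
    # Measure a whole boot chain into one PCR, starting from the all-zero reset value.
    pcr = bytes(32)
    for c in components:
        pcr = pcr_extend(pcr, c)
    return pcr

def _wrap_key(srk: bytes, pcr: bytes) -> bytes:
    # Only the TPM (holder of the SRK) can derive this, and only for this PCR value.
    return hmac.new(srk, b"seal|" + pcr, hashlib.sha256).digest()

def seal(secret: bytes, expected_pcr: bytes, srk: bytes) -> dict:
    # Seal a 32-byte secret to the PCR value the trusted chain is expected to produce.
    k = _wrap_key(srk, expected_pcr)
    nonce = os.urandom(16)
    keystream = hashlib.sha256(k + b"enc" + nonce).digest()  # stand-in for the TPM's cipher
    ct = bytes(a ^ b for a, b in zip(secret, keystream))
    tag = hmac.new(k, b"mac" + nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}

def unseal(blob: dict, current_pcr: bytes, srk: bytes):
    # Unseal with the PCR value the machine actually booted to. A different chain,
    # signed or not, yields a different key, the tag check fails and nothing is released.
    k = _wrap_key(srk, current_pcr)
    tag = hmac.new(k, b"mac" + blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, blob["tag"]):
        return None
    keystream = hashlib.sha256(k + b"enc" + blob["nonce"]).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], keystream))

def demo() -> dict:
    srk = b"constructed SRK that never leaves the TPM"
    volume_key = hashlib.sha256(b"constructed disk volume key").digest()
    trusted = [b"firmware", b"shim (signed)", b"grub", b"vmlinuz-installed (signed)"]
    usb_live = [b"firmware", b"shim (signed)", b"grub", b"vmlinuz-live (signed)"]
    blob = seal(volume_key, measure_boot(trusted), srk)
    return {
        "trusted_boot": unseal(blob, measure_boot(trusted), srk) == volume_key,
        "other_signed_os": unseal(blob, measure_boot(usb_live), srk) is None,
        "same_parts_reordered": unseal(blob, measure_boot(trusted[::-1]), srk) is None,
    }
```

Only the chain that was sealed against recovers the volume key; a second signed OS, or the same components in a different order, lands on a different PCR value and gets nothing back.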

That makes good sense. Thanks for explaining.
