by andrewflnr 2975 days ago
Hard drives definitely have proprietary blobs on them. You just have even less visibility on them.

A key difference is that a hard drive can't secretly send information out. I'm fine with an isolated component the rest of the architecture can treat as a black box (even sending only encrypted data to it). But the wifi chip can easily build its own IP packets and leak a bunch of information to the internet or it can have an easily exploitable backdoor.
A hard drive is a huge source of attack vectors. In particular, if you're running full disk encryption with a very tiny unencrypted ext2 boot/grub2 partition, malicious firmware on a disk can intercept the plaintext keystrokes for a passphrase unlock on FDE. This is a known intelligence agency attack vector.

https://theintercept.com/2015/04/27/encrypting-laptop-like-m...

See the "attacks against disk encryption" section.
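One defender-side check that follows from the comment above, added here as an example and not part of the thread: since an FDE setup leaves the small boot partition readable and unauthenticated, a known-good SHA-256 manifest of its files can be recorded and re-verified to detect a modified bootloader or kernel. The boot tree, file names and contents below are constructed in a temporary directory so the script runs offline.

```python
"""Added example (not from the HN thread): integrity check for the files on an
unencrypted boot partition, the one place an FDE setup leaves readable code on disk.

Records a SHA-256 manifest of every file under a boot directory and later
re-verifies it, reporting modified, missing and unexpected files. The sample
boot tree is constructed in a temporary directory; its paths and contents are
made up for the demonstration.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 (kernel and initrd images can be large)."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify(root: Path, manifest: dict) -> dict:
    """Compare the current tree against a stored manifest.

    Returns {"modified": [...], "missing": [...], "unexpected": [...]}; all
    three lists empty means the boot partition matches the recorded state.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in manifest if k in current and current[k] != manifest[k]),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: record a clean boot tree, then alter grub's core image."""
    with tempfile.TemporaryDirectory() as tmp:
        boot = Path(tmp) / "boot"
        (boot / "grub").mkdir(parents=True)
        # Constructed stand-ins for real boot files; the bytes are arbitrary.
        (boot / "vmlinuz").write_bytes(b"kernel image placeholder")
        (boot / "initrd.img").write_bytes(b"initramfs placeholder")
        (boot / "grub" / "core.img").write_bytes(b"grub core placeholder")
        (boot / "grub" / "grub.cfg").write_text("set timeout=5\n")

        manifest = build_manifest(boot)  # taken while the system is known-good
        assert not any(verify(boot, manifest).values())

        # Simulate a tampered bootloader image plus a file that was never recorded.
        (boot / "grub" / "core.img").write_bytes(b"grub core placeholder, altered")
        (boot / "extra.bin").write_bytes(b"unexpected")
        return verify(boot, manifest)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Two caveats for real use: the manifest must be taken from a trusted state and kept off the disk it describes, otherwise it can be rewritten together with the files; and because this check reads through the same drive firmware it is trying to catch, firmware that serves different sectors to the BIOS than to the booted OS would pass it. That limitation is why measured boot with a TPM, which the next comment brings up, is the stronger control against this particular vector.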

I wouldn't describe that as a huge source, considering it requires a TPM vulnerability in secure-signed envs.
This specific platform has all of the TPM module feature set disabled, no? Since the code running inside the TPM is proprietary and closed. To the best of my knowledge, super GPL zealot users rarely choose to store a key in the TPM for full disk encryption unlocking purposes.