From what I understand the key is verifying that BIOS and unencrypted part of disk is unaltered. It is not verifying that any of the encrypted part of the hard drive has been tampered with. As such, it is not storing the hard drive decryption key on the USB stick.
Measured boot allows to verify the integrity of the installed firmware (which itself verifies the integrity of the Linux boot partition) by a separate Nitrokey. The idea is that you have your Nitrokey nearby and therefore safe against compromise, other than the laptop which may be left unattended.