TPM-only saves you against someone pulling your drive. Probably more than enough for a USB drive. Enable startup PIN if you’re worried about someone grabbing the whole laptop.
I think it does not make much sense to protect the USB drive, as you won't be able to access it from another computer which is what USB drives are for. It makes sense to protect interval drives, but it is unlikely that someone would remove the drives and leave an expensive laptop to the owner.
I think of TPM-only more like a privacy lock than a deadbolt.
An encrypted external drive though works like a safe. Put things in there you want to keep safe but don’t need every day. Air gapped while not in use makes it even more safe.
Some modern CPUs have moved the TPM inside the CPU itself. But traditionally, TPMs were attached via the LPC (low pin-count) bus, and you could absolutely sniff them or de-solder them and arbitrarily MiTM.