If an attacker has physical access to your device, you should not use the device afterwards, ever. There are some mitigations like Secure Boot and Heads OS, but they only slow down the attacker. Given enough time, you cannot stop him. Heads OS is pretty much for giving your laptop to airport security temporary and Secure Boot has been hacked in a minute. Although that was using TMP outside of the CPU, I would not trust Secure Boot with TMP 2.0 for anything other than a quick customs check either.
Using FDE as a protection against physical attacks is just a false sense of security. Veracrypt for example go as far as to say that secure boot is false sense of security.
For maximum paranoia there is a use for FDE, though. If you install a crappy app that saves data outside of RAM, /home, /var and /tmp, the data won’t get leaked. Though that would be a massive security issue because most linux computers are servers which cannot use FDE.