If I were letting a computer out of my physical control these days, with (relatively) easy full disk encryption, or the ability to run on an external disk, my primary concern would be compromise of the hardware itself.
These days that happens at the firmware or OOB management level. Hacking Team & CIA implants for UEFI/Mac firmware have been demonstrated, and hoarded for years now. Who knows what the NSA, CIA and worse (depending on your threat model)… groups like Hacking Team now have.
Intel screwed up their AMT simply and made it insanely vulnerable to (remote) compromise — simply flipping AMT on if it has been disabled and recording a bit of meta-information about your laptop may be enough to fully compromise it later!
Currently I would suggest doing a before/after hash of all firmwares on the system for which you can get a dump and create a hash, ditto for the firmware settings (eg: because of settings like AMT which create vulnerability) at the least.
My company https://preosec.com is working on this and we’ll have blog post with travel-related guidance out soon. My business partner has been running the blog https://firmwaresecurity.com for years to try and highlight the issues at this level.