
Trezor's security features list [0] mentions firmware verification, JTAG, and welding - strongly implying that it intends at least some resistance to physical attack. This is not uncommon for hardware cryptography modules. Since 2001, the federal government has had a certification program, FIPS 140-2 [1], recognizing four different levels of physical attack resistance.

The security engineering industry is very interested in the capability to physically ship secrets to potentially hostile actors inside devices that limit their use or duplication. There are many, many applications:

- Payment cards: EMV credit/debit, transit, laundry, parking, prepaid electric meters, etc.

- DRM: Widevine for Netflix, DCP for your local movie theater, anti-piracy and anti-cheat in your Xbox.

- Privacy: the iPhone's Secure Element only decrypts user data given the right PIN, rate limits or caps attempts, and resists extraction of the private key, much to the FBI's disappointment.

- Root of trust: enterprise HSMs for PKI will only enable signing operations with their internal private keys after the presentation of a quorum of operator credentials [2].

Ross Anderson's Security Engineering has a great chapter on this [3].

[0] https://trezor.io/security/

[1] https://en.wikipedia.org/wiki/FIPS_140-2

[2] https://www.cloudflare.com/dns/dnssec/root-signing-ceremony/

[3] https://www.cl.cam.ac.uk/~rja14/Papers/SEv3-ch18-dec18.pdf
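The quorum-unlock behaviour the comment describes for enterprise HSMs, modelled as an added example (not from the comment, Cloudflare's ceremony, or any vendor's implementation): the signing key is stored only in wrapped form, the wrapping key exists solely as Shamir k-of-n shares handed to operators, and signing is enabled only once k genuine shares are presented. The field prime, the key values and the toy MAC standing in for a real signature are constructed for the example.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime field for the shares (constructed choice)

def split_secret(secret, k, n):
    """Shamir split: n points on a random degree-(k-1) polynomial whose constant term is the secret."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial at x
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def reconstruct(shares):
    """Lagrange interpolation at x = 0; correct only when given >= k genuine shares."""
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

class QuorumHsm:
    """Keeps the signing key wrapped; the wrapping key exists only as operator shares."""
    def __init__(self, signing_key, k, n):
        self.k, self._key = k, None
        kek = secrets.randbelow(P)                      # key-encryption key, never persisted
        self.wrapped = (signing_key + kek) % P          # signing key masked by the KEK
        self.tag = hashlib.sha256(str(signing_key).encode()).digest()  # integrity check
        self.operator_cards = split_secret(kek, k, n)   # one share per operator's card

    def unlock(self, presented):
        """Enable signing only if the presented shares form a valid quorum."""
        if len(presented) < self.k:
            return False                                # below quorum: refuse outright
        candidate = (self.wrapped - reconstruct(presented[: self.k])) % P
        if hashlib.sha256(str(candidate).encode()).digest() != self.tag:
            return False                                # wrong or tampered share(s)
        self._key = candidate
        return True

    def sign(self, message):  # toy MAC standing in for a signature; None while locked
        return None if self._key is None else hashlib.sha256(str(self._key).encode() + message).hexdigest()
```

A presentation of fewer than k shares is refused before any reconstruction, and a quorum containing a tampered share fails the integrity tag rather than yielding a wrong key.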
