
A sticky note is very secure against remote attackers.


Which is good enough in most cases. If an attacker can walk in and physically tamper with your computer peripherals you generally have bigger problems.


As a very general rule, most attackers are insiders.


Insiders are easier to identify and deal with. Be it a rogue employee or a nasty sister.


There is no password policy that protects against rubber hose cryptanalysis.


Sure there is. I believe the classical approach is cyanide in a false tooth.


A less classical one is divulging a self-destruct/lockout password.

Pity so few systems support this.


That's going to go badly for you the moment the attackers realise what you've done. Admittedly they'll no longer be able to compromise the account, but you better really care about that.


How about ... a duress code that diverts to a system that looks like the real one but actually contains disinformation (possibly including a misdirection that makes them think you were on their side all along, so that they let you go)?


I'd say that in most cases, the safest approach to a duress code would simply be to give real access to the system, possibly with lower privileges if it can be done without too much suspicion, while also triggering an alarm.

The cost of maintaining a sufficiently real-looking system is likely to be very high, with the very real risk that it won't fool an attacker.
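
The approach in the last comment (real access, lower privileges, an alarm), sketched as an added example that is not part of the thread. The names, the PBKDF2 parameters and the in-memory `ALARMS` list are assumptions for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

ALARMS = []  # stand-in for a silent, out-of-band alert channel (assumption)

@dataclass
class Account:
    salt: bytes
    normal: bytes   # derived key for the everyday password
    duress: bytes   # derived key for the duress password

@dataclass
class Session:
    user: str
    role: str       # "full" or "restricted"; kept server-side only

def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def enroll(normal_pw: str, duress_pw: str) -> Account:
    if normal_pw == duress_pw:
        raise ValueError("duress password must differ from the normal one")
    salt = os.urandom(16)
    return Account(salt, _derive(normal_pw, salt), _derive(duress_pw, salt))

def login(user: str, password: str, accounts: dict):
    acct = accounts.get(user)
    if acct is None:
        return None
    candidate = _derive(password, acct.salt)
    # Run both constant-time comparisons on every attempt so the time taken
    # does not reveal which of the two stored credentials matched.
    is_normal = hmac.compare_digest(candidate, acct.normal)
    is_duress = hmac.compare_digest(candidate, acct.duress)
    if is_duress:
        ALARMS.append(user)                 # raise the alarm silently
        return Session(user, "restricted")  # real access, fewer privileges
    if is_normal:
        return Session(user, "full")
    return None

def public_response(session):
    # What the client sees: identical for normal and duress logins, so the
    # person watching the screen gets no sign that an alarm was raised.
    if session is None:
        return {"ok": False}
    return {"ok": True, "user": session.user}
```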




