The one-shot TPM2_Hash command is implementation-dependent, depending on MAX_DIGEST_BUFFER which is only guaranteed by the spec to be up to 1,024 bytes. Some TPMs may support larger buffers, leading to code which works on some TPMs (like the simulator) but not others (like a real discrete TPM with limited RAM). For more than 1024 bytes of data, the sequence commands should be used, but these aren't yet implemented by go-tpm.

We have a couple of options here:

• Change Hash* under-the-hood to use the sequence commands automatically. This will cause an overhead of one additional command compared to TPM2_Hash
• Add new variant(s) of Hash* to use the sequence commands on an arbitrarily large byte slice
• Add all the sequence commands in a 1:1 relationship with the TPM 2.0 API and make callers call functions for each of Hash_Start/SequenceUpdate/SequenceComplete.