diff --git a/dpe/src/commands/derive_context.rs b/dpe/src/commands/derive_context.rs
index 779e6332..200bbb0a 100644
--- a/dpe/src/commands/derive_context.rs
+++ b/dpe/src/commands/derive_context.rs
@@ -206,8 +206,7 @@ impl CommandExecution for DeriveContextCmd {
             || (!dpe.support.internal_dice() && self.uses_internal_dice_input())
             || (!dpe.support.retain_parent_context() && self.retains_parent())
             || (!dpe.support.x509() && self.allows_x509())
-            || (!dpe.support.cdi_export()
-                && (self.creates_certificate() || self.exports_cdi()))
+            || (!dpe.support.cdi_export() && (self.creates_certificate() || self.exports_cdi()))
             || (!dpe.support.recursive() && self.is_recursive())
         {
             return Err(DpeErrorCode::ArgumentNotSupported);
diff --git a/dpe/src/lib.rs b/dpe/src/lib.rs
index b4da833c..1182682d 100644
--- a/dpe/src/lib.rs
+++ b/dpe/src/lib.rs
@@ -25,7 +25,7 @@ pub mod x509;
 
 use zerocopy::{FromBytes, Immutable, IntoBytes, KnownLayout};
 
-const MAX_EXPORTED_CDI_SIZE: usize = 256;
+const MAX_EXPORTED_CDI_SIZE: usize = 32;
 
 // Max cert size returned by CertifyKey
 const MAX_CERT_SIZE: usize = 6144;