diff --git a/oak_attestation_verification/src/verifier.rs b/oak_attestation_verification/src/verifier.rs
index c413a6ec1b9..76aa621b05a 100644
--- a/oak_attestation_verification/src/verifier.rs
+++ b/oak_attestation_verification/src/verifier.rs
@@ -528,7 +528,10 @@ fn verify_kernel_layer(
     )
     .context("kernel failed verification")?;
 
-    if let Some(kernel_raw_cmd_line) = values.kernel_raw_cmd_line.as_ref() {
+    // TODO: b/331252282 - Remove temporary workaround for cmd line.
+    if let Some(kernel_raw_cmd_line) = values.kernel_raw_cmd_line.as_ref()
+        && kernel_raw_cmd_line.len() < 256
+    {
         verify_text(
             now_utc_millis,
             kernel_raw_cmd_line.as_str(),
@@ -540,7 +543,7 @@ fn verify_kernel_layer(
         )
         .context("kernel command line failed verification")?;
     } else {
-        // Support missing kernel_raw_cmd_line but only if the corresponding reference
+        // Support invalid kernel_raw_cmd_line but only if the corresponding reference
         // value is set to skip. This is a temporary workaround until all clients are
         // migrated.
         anyhow::ensure!(
@@ -553,7 +556,7 @@ fn verify_kernel_layer(
                     .as_ref(),
                 Some(text_reference_value::Type::Skip(_))
             ),
-            "No kernel_raw_cmd_line provided"
+            "No valid kernel_raw_cmd_line provided"
         )
     }
 
diff --git a/stage0/src/lib.rs b/stage0/src/lib.rs
index 6abead7c309..378c2786efd 100644
--- a/stage0/src/lib.rs
+++ b/stage0/src/lib.rs
@@ -42,7 +42,7 @@ use x86_64::{
 };
 use zerocopy::AsBytes;
 
-use crate::{kernel::KernelType, sev::GHCB_WRAPPER, smp::AP_JUMP_TABLE};
+use crate::{alloc::string::ToString, kernel::KernelType, sev::GHCB_WRAPPER, smp::AP_JUMP_TABLE};
 
 mod acpi;
 mod acpi_tables;
@@ -308,11 +308,17 @@ pub fn rust64_start(encrypted: u64) -> ! {
     log::debug!("ACPI table generation digest: sha2-256:{}", hex::encode(acpi_sha2_256_digest));
     log::debug!("E820 table digest: sha2-256:{}", hex::encode(memory_map_sha2_256_digest));
 
+    // TODO: b/331252282 - Remove temporary workaround for cmd line length.
+    let cmdline_max_len = 256;
     let measurements = oak_stage0_dice::Measurements {
         acpi_sha2_256_digest,
         kernel_sha2_256_digest: kernel_info.measurement,
         cmdline_sha2_256_digest,
-        cmdline: cmdline.clone(),
+        cmdline: if cmdline.len() > cmdline_max_len {
+            cmdline[..cmdline_max_len].to_string()
+        } else {
+            cmdline.clone()
+        },
         ram_disk_sha2_256_digest,
         setup_data_sha2_256_digest,
         memory_map_sha2_256_digest,