From 7cfe31ba59bd3905d46655f0e45d1ce41a8be766 Mon Sep 17 00:00:00 2001
From: Mikko Ylinen <mikko.ylinen@intel.com>
Date: Thu, 28 May 2026 09:26:24 +0300
Subject: [PATCH] pcsclient: serialize qeidentity and tdqeidentity as JSON

_fetch_identity() sets the raw PCS response body (a JSON string)
directly to the output dict which gets serialized as a string in
the final JSON output file with json.dumps().

The result is that the output file cannot be deserialized as
Enclave Identity V2 JSON.

Similar to how TCB Info is already handled, parse Enclave Identity
response before storing the PCS response into the output_json
dict. This makes (td)qeidentity to look proper JSON.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
---
 tools/PcsClientTool/pcsclient.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/PcsClientTool/pcsclient.py b/tools/PcsClientTool/pcsclient.py
index 6b76568d..99f5b858 100755
--- a/tools/PcsClientTool/pcsclient.py
+++ b/tools/PcsClientTool/pcsclient.py
@@ -362,7 +362,7 @@ def _fetch_identity(self, identity_type):
                     return False
             else:
                 key_suffix = '_early' if update == 'early' else ''
-                self.output_json["collaterals"][f"{identity_type}identity{key_suffix}"] = identity[0]
+                self.output_json["collaterals"][f"{identity_type}identity{key_suffix}"] = json.loads(identity[0])
                 if identity_type == 'qe':
                     self.output_json["collaterals"]["certificates"][PCS.HDR_Enclave_Identity_Issuer_Chain] = identity[1]
         return True