This error indicates that the certificate used to verify a binary with the imgverify
command is not a signing certificate. A certificate used for code-signing must include the digitalSignature key usage.
Things to try:
codesign.crt
:$ openssl x509 -in codesign.crt -noout -text ... X509v3 extensions: X509v3 Key Usage: Digital Signature X509v3 Extended Key Usage: Code Signing ...
keyUsage=digitalSignature extendedKeyUsage=codeSigning
A certificate used for code-signing must also include the codeSigning extended key usage.