diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild
index 4e080668af..2f4ecf9cc1 100644
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@@ -1106,8 +1106,9 @@ menu "Security features"
 
     config SECURE_FLASH_PSEUDO_ROUND_FUNC
         bool "Permanently enable XTS-AES's pseudo rounds function"
-        default y
-        depends on SECURE_FLASH_ENCRYPTION_MODE_RELEASE && SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
+        default y if SECURE_FLASH_ENCRYPTION_MODE_RELEASE
+        default n
+        depends on SECURE_FLASH_ENC_ENABLED && SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
         help
             If set (default), the bootloader will permanently enable the XTS-AES peripheral's pseudo rounds function.
             Note: Enabling this config would burn an efuse.
diff --git a/components/bootloader_support/include/esp_flash_encrypt.h b/components/bootloader_support/include/esp_flash_encrypt.h
index efc061edf5..e81457450f 100644
--- a/components/bootloader_support/include/esp_flash_encrypt.h
+++ b/components/bootloader_support/include/esp_flash_encrypt.h
@@ -215,6 +215,10 @@ bool esp_flash_encryption_cfg_verify_release_mode(void);
  * It burns:
  *  - "disable encrypt in dl mode"
  *  - set FLASH_CRYPT_CNT efuse to max
+ *
+ * In case of the targets that support the XTS-AES peripheral's pseudo rounds function,
+ * this API would configure the pseudo rounds level efuse bit to level low if the efuse bit
+ * is not set already.
  */
 void esp_flash_encryption_set_release_mode(void);
 
diff --git a/components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c b/components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c
index e32ec055b0..4e4d6fc227 100644
--- a/components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c
+++ b/components/bootloader_support/src/esp32c5/flash_encryption_secure_features.c
@@ -44,7 +44,7 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
 
     esp_efuse_write_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);
 
-#if defined(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE) && defined(SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND)
+#if CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC
     ESP_LOGI(TAG, "Enable XTS-AES pseudo rounds function...");
     uint8_t xts_pseudo_level = CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH;
     esp_efuse_write_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
diff --git a/components/bootloader_support/src/esp32c61/flash_encryption_secure_features.c b/components/bootloader_support/src/esp32c61/flash_encryption_secure_features.c
index 6ddd0c30f5..f09c92db5e 100644
--- a/components/bootloader_support/src/esp32c61/flash_encryption_secure_features.c
+++ b/components/bootloader_support/src/esp32c61/flash_encryption_secure_features.c
@@ -40,7 +40,7 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
 
     esp_efuse_write_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);
 
-#if defined(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE) && defined(SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND)
+#if CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC
     ESP_LOGI(TAG, "Enable XTS-AES pseudo rounds function...");
     uint8_t xts_pseudo_level = CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH;
     esp_efuse_write_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
diff --git a/components/bootloader_support/src/esp32h2/flash_encryption_secure_features.c b/components/bootloader_support/src/esp32h2/flash_encryption_secure_features.c
index 1deee096fa..9b0e8c043b 100644
--- a/components/bootloader_support/src/esp32h2/flash_encryption_secure_features.c
+++ b/components/bootloader_support/src/esp32h2/flash_encryption_secure_features.c
@@ -36,7 +36,7 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
 
     esp_efuse_write_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);
 
-#if defined(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE) && defined(SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND)
+#if CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC
     if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
         ESP_LOGI(TAG, "Enable XTS-AES pseudo rounds function...");
         uint8_t xts_pseudo_level = CONFIG_SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH;
diff --git a/components/bootloader_support/src/flash_encrypt.c b/components/bootloader_support/src/flash_encrypt.c
index b675cb0c7f..d350fa361d 100644
--- a/components/bootloader_support/src/flash_encrypt.c
+++ b/components/bootloader_support/src/flash_encrypt.c
@@ -212,8 +212,13 @@ void esp_flash_encryption_set_release_mode(void)
 
 #ifdef SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
     if (spi_flash_encrypt_ll_is_pseudo_rounds_function_supported()) {
-        uint8_t xts_pseudo_level = ESP_XTS_AES_PSEUDO_ROUNDS_LOW;
-        esp_efuse_write_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
+        uint8_t xts_pseudo_level = 0;
+        esp_efuse_read_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
+
+        if (xts_pseudo_level == ESP_XTS_AES_PSEUDO_ROUNDS_DISABLE) {
+            xts_pseudo_level = ESP_XTS_AES_PSEUDO_ROUNDS_LOW;
+            esp_efuse_write_field_blob(ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL, &xts_pseudo_level, ESP_EFUSE_XTS_DPA_PSEUDO_LEVEL[0]->bit_count);
+        }
     }
 #endif