diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild
index cf513b1998..690c7881ef 100644
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@@ -539,6 +539,7 @@ menu "Security features"
 config SECURE_FLASH_ENC_ENABLED
 bool "Enable flash encryption on boot (READ DOCS FIRST)"
 default N
+ select SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 help
 If this option is set, flash contents will be encrypted by the bootloader on first boot.
diff --git a/components/spi_flash/Kconfig b/components/spi_flash/Kconfig
index e884726c5b..d69ce3e990 100644
--- a/components/spi_flash/Kconfig
+++ b/components/spi_flash/Kconfig
@@ -139,4 +139,13 @@ menu "SPI Flash driver"
 endmenu #auto detect flash chips
+ config SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
+ bool "Enable encrypted partition read/write operations"
+ default y
+ help
+ This option enables flash read/write operations to encrypted partition/s. This option
+ is kept enabled irrespective of state of flash encryption feature. However, in case
+ application is not using flash encryption feature and is in need of some additional
+ memory from IRAM region (~1KB) then this config can be disabled.
+
 endmenu
diff --git a/components/spi_flash/partition.c b/components/spi_flash/partition.c
index 4457d63360..21dce006ea 100644
--- a/components/spi_flash/partition.c
+++ b/components/spi_flash/partition.c
@@ -349,7 +349,7 @@ esp_err_t esp_partition_read(const esp_partition_t* partition,
 return spi_flash_read(partition->address + src_offset, dst, size);
 #endif // CONFIG_SPI_FLASH_USE_LEGACY_IMPL
 } else {
-#if CONFIG_SECURE_FLASH_ENC_ENABLED
+#if CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 if (partition->flash_chip != esp_flash_default_chip) {
 return ESP_ERR_NOT_SUPPORTED;
 }
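Review bot: The help text for `SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE` in components/spi_flash/Kconfig does not say what disabling the option does. Per the partition.c hunks in this commit, with the option off `esp_partition_read()` and `esp_partition_write()` return `ESP_ERR_NOT_SUPPORTED` for a partition marked encrypted, so an image built this way would presumably be unable to access encrypted partitions if it ends up on a device whose flash encryption is already enabled. I would add to the help: `If disabled, esp_partition_read/esp_partition_write return ESP_ERR_NOT_SUPPORTED for encrypted partitions.` and a sentence noting that the option is selected automatically by `SECURE_FLASH_ENC_ENABLED`.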
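Review bot: The `partition->encrypted` branch of esp_partition_read (this hunk) and esp_partition_write (hunk at -391) is now compiled into builds that have `CONFIG_SECURE_FLASH_ENC_ENABLED` off, because the new guard defaults to y, and nothing visible here shows that `partition->encrypted` reflects the runtime flash-encryption state rather than only the partition-table flag. If it is the flag alone, `spi_flash_write_encrypted()` could be reached on a device where encryption is not active; this should be confirmed against the partition loader, which is outside the diff. The `#else` arms (hunks at -369 and -391) would also read better with a comment such as `// encrypted partition access compiled out: CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE=n`, since callers otherwise see a bare `ESP_ERR_NOT_SUPPORTED`. Both function bodies start and end outside the hunks.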
@@ -369,7 +369,7 @@ esp_err_t esp_partition_read(const esp_partition_t* partition,
 return ESP_OK;
 #else
 return ESP_ERR_NOT_SUPPORTED;
-#endif // CONFIG_SECURE_FLASH_ENC_ENABLED
+#endif // CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 }
 }
@@ -391,14 +391,14 @@ esp_err_t esp_partition_write(const esp_partition_t* partition,
 return spi_flash_write(dst_offset, src, size);
 #endif // CONFIG_SPI_FLASH_USE_LEGACY_IMPL
 } else {
-#if CONFIG_SECURE_FLASH_ENC_ENABLED
+#if CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 if (partition->flash_chip != esp_flash_default_chip) {
 return ESP_ERR_NOT_SUPPORTED;
 }
 return spi_flash_write_encrypted(dst_offset, src, size);
 #else
 return ESP_ERR_NOT_SUPPORTED;
-#endif // CONFIG_SECURE_FLASH_ENC_ENABLED
+#endif // CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 }
 }
diff --git a/tools/unit-test-app/configs/psram b/tools/unit-test-app/configs/psram
index a00f527f89..7536d741ff 100644
--- a/tools/unit-test-app/configs/psram
+++ b/tools/unit-test-app/configs/psram
@@ -3,3 +3,5 @@ CONFIG_ESP32_SPIRAM_SUPPORT=y
 CONFIG_ESP_INT_WDT_TIMEOUT_MS=800
 CONFIG_SPIRAM_OCCUPY_NO_HOST=y
 CONFIG_ESP32_WIFI_RX_IRAM_OPT=n
+# Disable encrypted flash reads/writes to save IRAM in this build configuration
+CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE=n