diff --git a/components/hal/CMakeLists.txt b/components/hal/CMakeLists.txt
index 6582e5108a..aed9ce17fb 100644
--- a/components/hal/CMakeLists.txt
+++ b/components/hal/CMakeLists.txt
@@ -47,8 +47,10 @@ if(NOT BOOTLOADER_BUILD)
 list(APPEND srcs
 "spi_flash_hal.c"
 "spi_flash_hal_iram.c"
- "spi_flash_encrypt_hal_iram.c"
 )
+ if(CONFIG_SOC_FLASH_ENC_SUPPORTED)
+ list(APPEND srcs "spi_flash_encrypt_hal_iram.c")
+ endif()
 endif()
 
 if(CONFIG_SOC_SYSTIMER_SUPPORTED AND NOT CONFIG_HAL_SYSTIMER_USE_ROM_IMPL)
diff --git a/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h b/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h
index db90f252a3..4a0965d896 100644
--- a/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h
+++ b/components/hal/esp32h2/include/hal/spi_flash_encrypted_ll.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -35,9 +35,9 @@ typedef enum
 */
 static inline void spi_flash_encrypt_ll_enable(void)
 {
- // REG_SET_BIT(HP_SYSTEM_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG,
- // HP_SYSTEM_ENABLE_DOWNLOAD_MANUAL_ENCRYPT |
- // HP_SYSTEM_ENABLE_SPI_MANUAL_ENCRYPT);
+ REG_SET_BIT(HP_SYSTEM_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG,
+ HP_SYSTEM_ENABLE_DOWNLOAD_MANUAL_ENCRYPT |
+ HP_SYSTEM_ENABLE_SPI_MANUAL_ENCRYPT);
 }
 
 /*
@@ -45,8 +45,8 @@ static inline void spi_flash_encrypt_ll_enable(void)
 */
 static inline void spi_flash_encrypt_ll_disable(void)
 {
- // REG_CLR_BIT(HP_SYSTEM_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG,
- // HP_SYSTEM_ENABLE_SPI_MANUAL_ENCRYPT);
+ REG_CLR_BIT(HP_SYSTEM_EXTERNAL_DEVICE_ENCRYPT_DECRYPT_CONTROL_REG,
+ HP_SYSTEM_ENABLE_SPI_MANUAL_ENCRYPT);
 }
 
 /**
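Review bot: spi_flash_encrypt_ll_disable() clears only `HP_SYSTEM_ENABLE_SPI_MANUAL_ENCRYPT`, while spi_flash_encrypt_ll_enable() in the hunk at -35 sets that bit together with `HP_SYSTEM_ENABLE_DOWNLOAD_MANUAL_ENCRYPT`, so the download-mode manual-encrypt enable stays set after a disable call. If that is intended, the function comment should say so, for example `// DOWNLOAD_MANUAL_ENCRYPT is left set on purpose; only the SPI manual-encrypt path is turned off`; if it is not, clear both bits. The comment block above the function starts outside the hunk, so its current wording is not visible here.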
@@ -59,8 +59,8 @@ static inline void spi_flash_encrypt_ll_disable(void)
 static inline void spi_flash_encrypt_ll_type(flash_encrypt_ll_type_t type)
 {
 // Our hardware only support flash encryption
- // HAL_ASSERT(type == FLASH_ENCRYPTION_MANU);
- // REG_SET_FIELD(SPI_MEM_XTS_DESTINATION_REG(0), SPI_MEM_XTS_DESTINATION, type);
+ HAL_ASSERT(type == FLASH_ENCRYPTION_MANU);
+ REG_SET_FIELD(SPI_MEM_XTS_DESTINATION_REG(0), SPI_MEM_XTS_DESTINATION, type);
 }
 
 /**
@@ -71,7 +71,7 @@ static inline void spi_flash_encrypt_ll_type(flash_encrypt_ll_type_t type)
 static inline void spi_flash_encrypt_ll_buffer_length(uint32_t size)
 {
 // Desired block should not be larger than the block size.
- // REG_SET_FIELD(SPI_MEM_XTS_LINESIZE_REG(0), SPI_MEM_XTS_LINESIZE, size >> 5);
+ REG_SET_FIELD(SPI_MEM_XTS_LINESIZE_REG(0), SPI_MEM_XTS_LINESIZE, size >> 5);
 }
 
 /**
@@ -84,8 +84,8 @@ static inline void spi_flash_encrypt_ll_buffer_length(uint32_t size)
 */
 static inline void spi_flash_encrypt_ll_plaintext_save(uint32_t address, const uint32_t* buffer, uint32_t size)
 {
- // uint32_t plaintext_offs = (address % 64);
- // memcpy((void *)(SPI_MEM_XTS_PLAIN_BASE_REG(0) + plaintext_offs), buffer, size);
+ uint32_t plaintext_offs = (address % 64);
+ memcpy((void *)(SPI_MEM_XTS_PLAIN_BASE_REG(0) + plaintext_offs), buffer, size);
 }
 
 /**
@@ -95,7 +95,7 @@ static inline void spi_flash_encrypt_ll_plaintext_save(uint32_t address, const u
 */
 static inline void spi_flash_encrypt_ll_address_save(uint32_t flash_addr)
 {
- // REG_SET_FIELD(SPI_MEM_XTS_PHYSICAL_ADDRESS_REG(0), SPI_MEM_XTS_PHYSICAL_ADDRESS, flash_addr);
+ REG_SET_FIELD(SPI_MEM_XTS_PHYSICAL_ADDRESS_REG(0), SPI_MEM_XTS_PHYSICAL_ADDRESS, flash_addr);
 }
 
 /**
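Review bot: spi_flash_encrypt_ll_plaintext_save() copies `size` bytes to `SPI_MEM_XTS_PLAIN_BASE_REG(0) + (address % 64)` with no upper bound, so an unaligned address or an oversized length writes past the plaintext registers into whatever follows them. Assuming the plaintext window is the 64 bytes the modulus implies (to be confirmed against the register map), add `HAL_ASSERT(plaintext_offs + size <= 64);` before the `memcpy`. spi_flash_encrypt_ll_buffer_length() in the hunk at -71 has a related gap: `size >> 5` maps any size below 32 to 0 and drops remainders, and the limit stated in the comment above it is not enforced by the code.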
@@ -103,7 +103,7 @@ static inline void spi_flash_encrypt_ll_address_save(uint32_t flash_addr)
 */
 static inline void spi_flash_encrypt_ll_calculate_start(void)
 {
- // REG_SET_FIELD(SPI_MEM_XTS_TRIGGER_REG(0), SPI_MEM_XTS_TRIGGER, 1);
+ REG_SET_FIELD(SPI_MEM_XTS_TRIGGER_REG(0), SPI_MEM_XTS_TRIGGER, 1);
 }
 
 /**
@@ -111,8 +111,8 @@ static inline void spi_flash_encrypt_ll_calculate_start(void)
 */
 static inline void spi_flash_encrypt_ll_calculate_wait_idle(void)
 {
- // while(REG_GET_FIELD(SPI_MEM_XTS_STATE_REG(0), SPI_MEM_XTS_STATE) == 0x1) {
- // }
+ while(REG_GET_FIELD(SPI_MEM_XTS_STATE_REG(0), SPI_MEM_XTS_STATE) == 0x1) {
+ }
 }
 
 /**
@@ -120,9 +120,9 @@ static inline void spi_flash_encrypt_ll_calculate_wait_idle(void)
 */
 static inline void spi_flash_encrypt_ll_done(void)
 {
- // REG_SET_BIT(SPI_MEM_XTS_RELEASE_REG(0), SPI_MEM_XTS_RELEASE);
- // while(REG_GET_FIELD(SPI_MEM_XTS_STATE_REG(0), SPI_MEM_XTS_STATE) != 0x3) {
- // }
+ REG_SET_BIT(SPI_MEM_XTS_RELEASE_REG(0), SPI_MEM_XTS_RELEASE);
+ while(REG_GET_FIELD(SPI_MEM_XTS_STATE_REG(0), SPI_MEM_XTS_STATE) != 0x3) {
+ }
 }
 
 /**
@@ -130,7 +130,7 @@ static inline void spi_flash_encrypt_ll_done(void)
 */
 static inline void spi_flash_encrypt_ll_destroy(void)
 {
- // REG_SET_BIT(SPI_MEM_XTS_DESTROY_REG(0), SPI_MEM_XTS_DESTROY);
+ REG_SET_BIT(SPI_MEM_XTS_DESTROY_REG(0), SPI_MEM_XTS_DESTROY);
 }
 
 /**
@@ -141,7 +141,7 @@ static inline void spi_flash_encrypt_ll_destroy(void)
 */
 static inline bool spi_flash_encrypt_ll_check(uint32_t address, uint32_t length)
 {
- return false;//((address % length) == 0) ? true : false;
+ return ((address % length) == 0) ? true : false;
 }
 
 #ifdef __cplusplus
diff --git a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in
index 6af4dc522b..179bd709bf 100644
--- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in
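Review bot: The polling loops in spi_flash_encrypt_ll_calculate_wait_idle() and, in the hunk at -120, spi_flash_encrypt_ll_done() spin on `SPI_MEM_XTS_STATE` against the bare values `0x1` and `0x3` with no exit condition, so a block that never reaches the expected state hangs the caller. Name the two states (an enum or `#define` next to `flash_encrypt_ll_type_t`) and state in each function comment that the wait is unbounded and relies on the hardware completing. The meaning of the two values is not visible on this page and should be taken from the register description.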
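Review bot: spi_flash_encrypt_ll_check() now evaluates `address % length`, which is undefined behaviour for `length == 0`; the previous stub returned false unconditionally, so this path is new. Guard it and drop the redundant ternary: `return (length != 0) && ((address % length) == 0);`. Whether any caller can pass zero is not visible here, but the helper appears to be the alignment check for the encrypted write path and should fail closed. Its doc comment starts outside the hunk.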
@@ -111,6 +111,10 @@ config SOC_DIG_SIGN_SUPPORTED
 bool
 default y
 
+config SOC_FLASH_ENC_SUPPORTED
+ bool
+ default y
+
 config SOC_BOD_SUPPORTED
 bool
 default y
diff --git a/components/soc/esp32h2/include/soc/soc_caps.h b/components/soc/esp32h2/include/soc/soc_caps.h
index b1302fe576..b973516e59 100644
--- a/components/soc/esp32h2/include/soc/soc_caps.h
+++ b/components/soc/esp32h2/include/soc/soc_caps.h
@@ -58,7 +58,7 @@
 #define SOC_SHA_SUPPORTED 1
 #define SOC_HMAC_SUPPORTED 1
 #define SOC_DIG_SIGN_SUPPORTED 1
-// #define SOC_FLASH_ENC_SUPPORTED 1 // TODO: IDF-6282
+#define SOC_FLASH_ENC_SUPPORTED 1
 // #define SOC_SECURE_BOOT_SUPPORTED 1 // TODO: IDF-6281
 #define SOC_BOD_SUPPORTED 1
 #define SOC_APM_SUPPORTED 1
@@ -384,7 +384,6 @@
 #define SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS 1
 #define SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY 1
 
-// TODO: IDF-6282 (Copy from esp32c6, need check)
 /*-------------------------- Flash Encryption CAPS----------------------------*/
 #define SOC_FLASH_ENCRYPTED_XTS_AES_BLOCK_MAX (32)
 #define SOC_FLASH_ENCRYPTION_XTS_AES 1
diff --git a/docs/docs_not_updated/esp32h2.txt b/docs/docs_not_updated/esp32h2.txt
index fe90572602..997076574e 100644
--- a/docs/docs_not_updated/esp32h2.txt
+++ b/docs/docs_not_updated/esp32h2.txt
@@ -126,7 +126,6 @@ api-reference/protocols/esp_tls
 api-reference/protocols/mdns
 api-reference/protocols/index
 api-reference/protocols/asio
-security/flash-encryption
 security/esp32h2_log.inc
 security/security
 security/secure-boot-v2
diff --git a/docs/en/security/flash-encryption.rst b/docs/en/security/flash-encryption.rst
index c52cd4dc39..a66304962a 100644
--- a/docs/en/security/flash-encryption.rst
+++ b/docs/en/security/flash-encryption.rst
@@ -903,11 +903,11 @@ On the first boot, the flash encryption process burns by default the following e
 .. list::
 
 - ``DIS_DOWNLOAD_MANUAL_ENCRYPT`` which disables flash encryption operation when running in UART bootloader boot mode.
- :esp32s2 or esp32s3: - ``DIS_DOWNLOAD_ICACHE`` and ``DIS_DOWNLOAD_DCACHE`` which disables the entire MMU flash cache when running in UART bootloader mode.
- :esp32c3 or esp32c2 or esp32c6: - ``DIS_DOWNLOAD_ICACHE`` which disables the entire MMU flash cache when running in UART bootloader mode.
+ :SOC_EFUSE_DIS_DOWNLOAD_ICACHE and SOC_EFUSE_DIS_DOWNLOAD_DCACHE: - ``DIS_DOWNLOAD_ICACHE`` and ``DIS_DOWNLOAD_DCACHE`` which disables the entire MMU flash cache when running in UART bootloader mode.
+ :SOC_EFUSE_DIS_DOWNLOAD_ICACHE and not SOC_EFUSE_DIS_DOWNLOAD_DCACHE: - ``DIS_DOWNLOAD_ICACHE`` which disables the entire MMU flash cache when running in UART bootloader mode.
 :esp32s2: - ``HARD_DIS_JTAG`` which disables JTAG.
- :esp32c3 or esp32c6: - ``DIS_PAD_JTAG`` and ``DIS_USB_JTAG`` which disables JTAG.
- :esp32s3: - ``HARD_DIS_JTAG`` and ``DIS_USB_JTAG`` which disables JTAG.
+ :SOC_EFUSE_DIS_PAD_JTAG and SOC_EFUSE_DIS_USB_JTAG: - ``DIS_PAD_JTAG`` and ``DIS_USB_JTAG`` which disables JTAG.
+ :SOC_EFUSE_HARD_DIS_JTAG and SOC_EFUSE_DIS_USB_JTAG: - ``HARD_DIS_JTAG`` and ``DIS_USB_JTAG`` which disables JTAG.
 - ``DIS_DIRECT_BOOT`` (old name ``DIS_LEGACY_SPI_BOOT``) which disables direct boot mode
 
 However, before the first boot you can choose to keep any of these features enabled by burning only selected eFuses and write-protect the rest of eFuses with unset value 0. For example: