diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild
index 3c015c795f..6efa18b0c4 100644
--- a/components/bootloader/Kconfig.projbuild
+++ b/components/bootloader/Kconfig.projbuild
@@ -576,6 +576,7 @@ menu "Security features"
 config SECURE_FLASH_ENC_ENABLED
 bool "Enable flash encryption on boot (READ DOCS FIRST)"
 default N
+ select SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 help
 If this option is set, flash contents will be encrypted by the bootloader on first boot.
diff --git a/components/spi_flash/Kconfig b/components/spi_flash/Kconfig
index 1317e34b2c..4ca5742be6 100644
--- a/components/spi_flash/Kconfig
+++ b/components/spi_flash/Kconfig
@@ -230,4 +230,13 @@ menu "SPI Flash driver"
 endmenu #auto detect flash chips
+ config SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
+ bool "Enable encrypted partition read/write operations"
+ default y
+ help
+ This option enables flash read/write operations to encrypted partition/s. This option
+ is kept enabled irrespective of state of flash encryption feature. However, in case
+ application is not using flash encryption feature and is in need of some additional
+ memory from IRAM region (~1KB) then this config can be disabled.
+
 endmenu
diff --git a/components/spi_flash/partition.c b/components/spi_flash/partition.c
index 3d20b0663e..43ce601b36 100644
--- a/components/spi_flash/partition.c
+++ b/components/spi_flash/partition.c
@@ -349,6 +349,7 @@ esp_err_t esp_partition_read(const esp_partition_t* partition,
 return spi_flash_read(partition->address + src_offset, dst, size);
 #endif // CONFIG_SPI_FLASH_USE_LEGACY_IMPL
 } else {
+#if CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 if (partition->flash_chip != esp_flash_default_chip) {
 return ESP_ERR_NOT_SUPPORTED;
 }
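Review bot: The help text for SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE in components/spi_flash/Kconfig explains the IRAM saving but not what disabling the option costs. Per the partition.c hunks in this commit, esp_partition_read() and esp_partition_write() then return ESP_ERR_NOT_SUPPORTED on the encrypted-partition branch. The `select` added under SECURE_FLASH_ENC_ENABLED only covers builds where that option is set. If a partition can be treated as encrypted because of device state rather than this build's configuration (not visible in this diff), an image built with both options off would lose access to it. I would extend the help with a sentence such as `If disabled, esp_partition_read/esp_partition_write return ESP_ERR_NOT_SUPPORTED for encrypted partitions; keep it enabled in firmware that may run on devices where flash encryption is already enabled.`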
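Review bot: With the option off, the encrypted branch returns ESP_ERR_NOT_SUPPORTED, the same code the non-default-chip check just below the new `#if` already returns, so a caller cannot tell "support compiled out" from "external chip". The matching `#else` is in the next hunk (@@ -366) and the same pattern repeats in esp_partition_write (@@ -387). Failing closed is the right choice, especially on the write side, where falling through to the plaintext path would put unencrypted data into an encrypted partition; that intent should be stated so a later refactor does not "fix" the error by reusing the unencrypted branch. I would put a comment on each `#else`, e.g. `// Encrypted partition I/O compiled out (CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE=n): fail closed, never fall back to the plaintext path`. Listing this case under ESP_ERR_NOT_SUPPORTED in the API documentation of both functions would also help (the header is not part of this diff). esp_partition_read starts before and ends after this hunk.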
@@ -366,6 +367,9 @@ esp_err_t esp_partition_read(const esp_partition_t* partition,
 memcpy(dst, buf, size);
 spi_flash_munmap(handle);
 return ESP_OK;
+#else
+ return ESP_ERR_NOT_SUPPORTED;
+#endif // CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 }
 }
@@ -387,10 +391,14 @@ esp_err_t esp_partition_write(const esp_partition_t* partition,
 return spi_flash_write(dst_offset, src, size);
 #endif // CONFIG_SPI_FLASH_USE_LEGACY_IMPL
 } else {
+#if CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 if (partition->flash_chip != esp_flash_default_chip) {
 return ESP_ERR_NOT_SUPPORTED;
 }
 return spi_flash_write_encrypted(dst_offset, src, size);
+#else
+ return ESP_ERR_NOT_SUPPORTED;
+#endif // CONFIG_SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
 }
 }