diff --git a/components/bootloader_support/src/flash_encryption/flash_encrypt.c b/components/bootloader_support/src/flash_encryption/flash_encrypt.c
index 6e9975588d..3b6acf0048 100644
--- a/components/bootloader_support/src/flash_encryption/flash_encrypt.c
+++ b/components/bootloader_support/src/flash_encryption/flash_encrypt.c
@@ -437,6 +437,7 @@ static esp_err_t encrypt_partition(int index, const esp_partition_info_t *partit
 err = read_and_verify_partition_table(partition->pos.offset, partition_table, &num_partitions);
 should_encrypt = (err == ESP_OK && num_partitions != 0);
 } else if ((partition->type == PART_TYPE_DATA && partition->subtype == PART_SUBTYPE_DATA_OTA)
+ || (partition->type == PART_TYPE_DATA && partition->subtype == PART_SUBTYPE_DATA_TEE_OTA)
 || (partition->type == PART_TYPE_DATA && partition->subtype == PART_SUBTYPE_DATA_NVS_KEYS)) {
 /* check if we have ota data partition and the partition should be encrypted unconditionally */
 should_encrypt = true;
diff --git a/components/esp_partition/partition.c b/components/esp_partition/partition.c
index b4d17bec4c..2e59589029 100644
--- a/components/esp_partition/partition.c
+++ b/components/esp_partition/partition.c
@@ -88,6 +88,7 @@ static bool is_partition_encrypted(bool encryption_config, esp_partition_type_t
 || (type == ESP_PARTITION_TYPE_BOOTLOADER)
 || (type == ESP_PARTITION_TYPE_PARTITION_TABLE)
 || (type == ESP_PARTITION_TYPE_DATA && subtype == ESP_PARTITION_SUBTYPE_DATA_OTA)
+ || (type == ESP_PARTITION_TYPE_DATA && subtype == ESP_PARTITION_SUBTYPE_DATA_TEE_OTA)
 || (type == ESP_PARTITION_TYPE_DATA && subtype == ESP_PARTITION_SUBTYPE_DATA_NVS_KEYS)) {
 /* If encryption is turned on, all app partitions and OTA data are always encrypted */
diff --git a/components/esptool_py/project_include.cmake b/components/esptool_py/project_include.cmake
index 20cd576727..24db465076 100644
--- a/components/esptool_py/project_include.cmake
+++ b/components/esptool_py/project_include.cmake
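Review bot: The comment `/* check if we have ota data partition and the partition should be encrypted unconditionally */` below the added line is now stale: the branch also covers TEE OTA data and NVS keys partitions, so a reader asking why a TEE OTA partition was encrypted on first boot finds no mention of it. The three alternatives also repeat `partition->type == PART_TYPE_DATA`, which is exactly where the next subtype gets pasted in with the type check forgotten; testing the type once and listing the subtypes keeps the policy readable. The same policy is duplicated by this commit in is_partition_encrypted (esp_partition/partition.c) and esptool_py_partition_needs_encryption (esptool_py/project_include.cmake), so a comment here naming those two places makes it less likely the lists drift apart in a later change. encrypt_partition begins and ends outside the hunk.
```c
    } else if (partition->type == PART_TYPE_DATA
               && (partition->subtype == PART_SUBTYPE_DATA_OTA
                   || partition->subtype == PART_SUBTYPE_DATA_TEE_OTA
                   || partition->subtype == PART_SUBTYPE_DATA_NVS_KEYS)) {
        /* OTA data (including TEE OTA data) and NVS keys partitions are always encrypted
         * when flash encryption is enabled; keep in sync with is_partition_encrypted()
         * in esp_partition/partition.c and esptool_py_partition_needs_encryption() in
         * esptool_py/project_include.cmake. */
        should_encrypt = true;
```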
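Review bot: The comment `/* If encryption is turned on, all app partitions and OTA data are always encrypted */` after the added line now understates the rule: the condition above it also marks bootloader, partition-table, TEE OTA and NVS keys partitions as encrypted, and that flag appears to drive how the partition is accessed at runtime, so a list that disagrees with the bootloader's list in flash_encrypt.c could leave a partition accessed through the wrong path rather than merely left in plaintext. Suggest `/* With flash encryption on, bootloader, partition table, app, OTA data (incl. TEE OTA) and NVS keys partitions are always encrypted; keep in sync with encrypt_partition() in flash_encrypt.c */`. is_partition_encrypted begins and ends outside the hunk.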
@@ -289,12 +289,14 @@ function(esptool_py_partition_needs_encryption retencrypted partition_name)
 # - DATA 0x01
 # Subtypes:
 # - ota 0x00
+ # - TEE ota 0x90
 # - nvs_keys 0x04
 # If the partition is an app, an OTA or an NVS keys partition, then it should
 # be encrypted
 if( (${type} EQUAL 0) OR
 (${type} EQUAL 1 AND ${subtype} EQUAL 0) OR
+ (${type} EQUAL 1 AND ${subtype} EQUAL 144) OR
 (${type} EQUAL 1 AND ${subtype} EQUAL 4) )
 set(encrypted TRUE)