diff --git a/components/bootloader_support/src/flash_encryption/flash_encrypt.c b/components/bootloader_support/src/flash_encryption/flash_encrypt.c
index 8a75cd2f11..6e9975588d 100644
--- a/components/bootloader_support/src/flash_encryption/flash_encrypt.c
+++ b/components/bootloader_support/src/flash_encryption/flash_encrypt.c
@@ -175,10 +175,12 @@ static esp_err_t check_and_generate_encryption_keys(void)
         if (tmp_has_key) { // For ESP32: esp_efuse_find_purpose() always returns True, need to check whether the key block is used or not.
             tmp_has_key &= !esp_efuse_key_block_unused(blocks[i]);
         }
+#if CONFIG_SECURE_FLASH_ENCRYPTION_AES256
         if (i == 1 && tmp_has_key != has_key) {
             ESP_LOGE(TAG, "Invalid efuse key blocks: Both AES-256 key blocks must be set.");
             return ESP_ERR_INVALID_STATE;
         }
+#endif
         has_key &= tmp_has_key;
     }
 
diff --git a/components/esp_tee/subproject/components/attestation/esp_att_utils_crypto.c b/components/esp_tee/subproject/components/attestation/esp_att_utils_crypto.c
index 886a3295d2..2bbffce7b3 100644
--- a/components/esp_tee/subproject/components/attestation/esp_att_utils_crypto.c
+++ b/components/esp_tee/subproject/components/attestation/esp_att_utils_crypto.c
@@ -261,9 +261,10 @@ esp_err_t esp_att_utils_ecdsa_get_pubkey(const esp_att_ecdsa_keypair_t *keypair,
     }
 
     *pubkey_hexstr = hexstr;
-    err = ESP_OK;
+    return ESP_OK;
 
 exit:
+    free(hexstr);
     return err;
 }
 
diff --git a/components/esp_tee/subproject/components/tee_sec_storage/tee_sec_storage.c b/components/esp_tee/subproject/components/tee_sec_storage/tee_sec_storage.c
index 4d39a6a6e5..6a34c23a1f 100644
--- a/components/esp_tee/subproject/components/tee_sec_storage/tee_sec_storage.c
+++ b/components/esp_tee/subproject/components/tee_sec_storage/tee_sec_storage.c
@@ -640,6 +640,7 @@ static esp_err_t tee_sec_storage_crypt_common(uint16_t slot_id, uint8_t *input,
         if (ret != 0) {
             ESP_LOGE(TAG, "Error in encrypting data: %d", ret);
             err = ESP_FAIL;
+            goto exit;
         }
     } else {
         ret = mbedtls_gcm_auth_decrypt(&gcm, len, keyctx.aes256_gcm.iv, AES256_GCM_IV_LEN,
@@ -647,6 +648,7 @@ static esp_err_t tee_sec_storage_crypt_common(uint16_t slot_id, uint8_t *input,
         if (ret != 0) {
             ESP_LOGE(TAG, "Error in decrypting data: %d", ret);
             err = ESP_FAIL;
+            goto exit;
         }
     }
     err = ESP_OK;