fix(esp_security): Set WR_DIS_SECURE_BOOT_SHA384_EN by default when

Flash Encryption Release mode is enabled and Secure Boot P384 scheme not is enabled.

components/bootloader/Kconfig.projbuild

@@ -967,7 +967,7 @@ menu "Security features"
 
         config SECURE_BOOT_SKIP_WRITE_PROTECTION_SCA
             bool "Skip write-protection of SECURE_FLASH_PSEUDO_ROUND_FUNC_STRENGTH"
-            default y if SECURE_FLASH_PSEUDO_ROUND_FUNC
+            default y if SECURE_FLASH_PSEUDO_ROUND_FUNC && !SECURE_FLASH_ENCRYPTION_MODE_RELEASE
             default n
             depends on SOC_ECDSA_SUPPORT_CURVE_P384 && SOC_FLASH_ENCRYPTION_XTS_AES_SUPPORT_PSEUDO_ROUND
             help

components/esp_security/src/init.c

@@ -90,7 +90,7 @@ ESP_SYSTEM_INIT_FN(esp_security_init, SECONDARY, BIT(0), 103)
 #if CONFIG_SECURE_BOOT_V2_ENABLED
 // H2, H21
 #if SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
-    // Also write protects the ECDSA_CURVE_MODE efuse bit.
+    // Also write protects the ECC_FORCE_CONST_TIME efuse bit.
     if (ecdsa_ll_is_configurable_curve_supported()) {
         err = esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE);
         if (err != ESP_OK) {