fix : apply the suggestion from doc team

Author: Zheng Zhong

docs/en/security/flash-encryption.rst

@@ -512,7 +512,7 @@ If all partitions needs to be updated in encrypted format, run:
 
 .. note::
 
-    The above operations only apply if the `DIS_DOWNLOAD_MANUAL_ENCRYPT` eFuse bit has not been programmed. If this eFuse bit has been programmed, you need to flash the encrypted firmware image instead.
+    The above operations are only applicable when the ``DIS_DOWNLOAD_MANUAL_ENCRYPT`` eFuse bit has not been programmed. If this eFuse bit has been programmed, you must flash the pre-encrypted ciphertext image instead.
 
 .. _flash-enc-release-mode:
 

docs/en/security/security-features-enablement-workflows.rst

@@ -320,7 +320,7 @@ In this case all the eFuses related to Flash Encryption are written with help of
 
     .. note::
 
-        If secure boot is also enabled, please perform the secure boot firmware signing first, and then carry out the above encryption operation.
+        If secure boot is enabled, perform secure boot signing of the firmware before carrying out the above encryption operation.
 
     In the above command, the offsets are used for a sample firmware, and the actual offset for your firmware can be obtained by checking the partition table entry or by running `idf.py partition-table`. Please note that not all the binaries need to be encrypted, the encryption applies only to those generated from the partitions which are marked as ``encrypted`` in the partition table definition file. Other binaries are flashed unencrypted, i.e., as a plain output of the build process.
 

docs/zh_CN/security/flash-encryption.rst

@@ -512,7 +512,7 @@ flash 加密设置
 
 .. note::
 
-    上述操作仅适用于 DIS_DOWNLOAD_MANUAL_ENCRYPT eFuse 位未被烧录的情况。如果该 eFuse 位已被烧录，则需要烧录加密后的密文镜像。
+    上述操作仅适用于 ``DIS_DOWNLOAD_MANUAL_ENCRYPT`` eFuse 位未被烧录的情况。如果该 eFuse 位已被烧录，则需要烧录加密后的密文镜像。
 
 .. _flash-enc-release-mode:
 

docs/zh_CN/security/security-features-enablement-workflows.rst

@@ -320,7 +320,7 @@
 
     .. note::
 
-        如同时开启了 secure boot，请先 secure boot 签名固件后再做上述加密操作。
+        如果同时启用了安全启动功能，请先对固件进行安全启动签名，再执行上述加密操作。
 
     上述命令中的偏移量仅适用于示例固件，请通过检查分区表条目或运行 `idf.py partition-table` 来获取你固件的实际偏移量。请注意，不需要加密所有二进制文件，只需加密在分区表定义文件中带有 ``encrypted`` 标记的文件，其他二进制文件只作为构建过程的普通输出进行烧录。
 
@@ -733,4 +733,4 @@ Secure Boot v2 指南
 
     使用 ``esptool.py`` 命令，将 NVS 分区 (``nvs_encr_partition.bin``) 和 NVS 加密密钥 (``nvs_encr_key.bin``) 烧录到各自的偏移地址。通过 ``idf.py build`` 成功后打印的输出，可查看所有推荐的 ``esptool.py`` 命令行选项。
 
-    若芯片启用了 flash 加密，请在烧录之前先加密 NVS 加密秘钥分区。详情请参阅 `flash 加密工作流程 <enable-flash-encryption-externally_>`_ 中与烧录相关的步骤。
+    若芯片启用了 flash 加密，请在烧录前先对 NVS 加密密钥分区进行加密。详情请参阅 `flash 加密工作流程 <enable-flash-encryption-externally_>`_ 中与烧录相关的步骤。