diff --git a/boot/boot_serial/src/boot_serial_encryption.c b/boot/boot_serial/src/boot_serial_encryption.c
index de1f8b57a..f0dfd7e54 100644
--- a/boot/boot_serial/src/boot_serial_encryption.c
+++ b/boot/boot_serial/src/boot_serial_encryption.c
@@ -111,7 +111,7 @@ read_image_size(const struct flash_area *fa_p,
  * @return                      0 on success; nonzero on failure.
  */
 static int
-decrypt_region_inplace(struct boot_loader_state *state,
+decrypt_region_inplace(struct enc_data *enc_data,
                        const struct flash_area *fap,
                        struct image_header *hdr,
                        uint32_t off, uint32_t sz)
@@ -123,11 +123,8 @@ decrypt_region_inplace(struct boot_loader_state *state,
     size_t blk_off;
     uint16_t idx;
     uint32_t blk_sz;
-    int slot = flash_area_id_to_multi_image_slot(BOOT_CURR_IMG(state),
-                                                 flash_area_get_id(fap));
     uint8_t buf[sz] __attribute__((aligned));
     assert(sz <= sizeof buf);
-    assert(slot >= 0);
 
     bytes_copied = 0;
     while (bytes_copied < sz) {
@@ -169,7 +166,7 @@ decrypt_region_inplace(struct boot_loader_state *state,
                     blk_sz = tlv_off - (off + bytes_copied);
                 }
             }
-            boot_enc_decrypt(BOOT_CURR_ENC_SLOT(state, slot),
+            boot_enc_decrypt(enc_data,
                     (off + bytes_copied + idx) - hdr->ih_hdr_size, blk_sz,
                     blk_off, &buf[idx]);
         }
@@ -217,8 +214,9 @@ decrypt_image_inplace(const struct flash_area *fa_p,
     size_t sect_count;
     size_t sect;
     struct flash_sector sector;
+    struct enc_key_data enc_data;
 
-    memset(&boot_data, 0, sizeof(struct boot_loader_state));
+    boot_state_clear(state);
     memset(&_bs, 0, sizeof(struct boot_status));
 
     /* Get size from last sector to know page/sector erase size */
@@ -233,26 +231,28 @@ decrypt_image_inplace(const struct flash_area *fa_p,
              FIH_RET(fih_rc);
         }
 #endif
-        memset(&boot_data, 0, sizeof(struct boot_loader_state));
         /* Load the encryption keys into cache */
         rc = boot_enc_load(state, BOOT_SLOT_PRIMARY, hdr, fa_p, bs);
         if (rc < 0) {
-            FIH_RET(fih_rc);
+            goto total_out;
         }
-        if (rc == 0 && boot_enc_set_key(BOOT_CURR_ENC_SLOT(state, BOOT_SLOT_PRIMARY), bs->enckey[BOOT_SLOT_PRIMARY])) {
-            FIH_RET(fih_rc);
+
+        boot_enc_init(&enc_data);
+
+        if (rc == 0 && boot_enc_set_key(&enc_data, bs->enckey[BOOT_SLOT_PRIMARY])) {
+            goto total_out;
         }
     }
     else
     {
         /* Expected encrypted image! */
-        FIH_RET(fih_rc);
+        goto total_out;
     }
 
     uint32_t src_size = 0;
     rc = read_image_size(fa_p,hdr, &src_size);
     if (rc != 0) {
-        FIH_RET(fih_rc);
+        goto total_out;
     }
 
     /* TODO: This assumes every sector has an equal size, should instead use
@@ -262,7 +262,7 @@ decrypt_image_inplace(const struct flash_area *fa_p,
     sect_size = sector.fs_size;
     sect_count = fa_p->fa_size / sect_size;
     for (sect = 0, size = 0; size < src_size && sect < sect_count; sect++) {
-        rc = decrypt_region_inplace(state, fa_p,hdr, size, sect_size);
+        rc = decrypt_region_inplace(enc_data, fa_p, hdr, size, sect_size);
         if (rc != 0) {
             FIH_RET(fih_rc);
         }
@@ -270,6 +270,9 @@ decrypt_image_inplace(const struct flash_area *fa_p,
     }
 
     fih_rc = FIH_SUCCESS;
+total_out:
+    boot_enc_zeorize(&enc_data);
+    boot_state_clear(&state);
     FIH_RET(fih_rc);
 }