Despite having set 

ebsEncryptRootVolume: ENCRYPTED  

(I tried in both JCasC and UI) in my configuration, jenkins persists to launch new agents with unencrypted root volumes.
I checked in logs, it tells me there that it will be encrypted

2023-11-16 17:40:09.645+0000 [id=41]	INFO	hudson.plugins.ec2.SlaveTemplate#logProvisionInfo: SlaveTemplate{description='Amazon Linux', labels='worker-qa'}. EBS default encryption value set to: Encrypted (true) 

I really don't understand why it is not respected
Version used : 1609.v53b_02a_b_9e52d