diff --git a/src/core/loader/ncch.cpp b/src/core/loader/ncch.cpp
index 0f29ddb5..5a94dd55 100644
--- a/src/core/loader/ncch.cpp
+++ b/src/core/loader/ncch.cpp
@@ -54,14 +54,6 @@ bool NCCH::loadFromHeader(Crypto::AESEngine &aesEngine, IOFile& file, const FSIn
 	romFS.hashRegionSize = u64(*(u32*)&header[0x1B8]) * mediaUnit;
 
 	if (encrypted) {
-		if (!aesEngine.haveKeys()) {
-			Helpers::panic(
-				"Loaded an encrypted ROM but AES keys don't seem to have been provided correctly! Navigate to the emulator's\n"
-				"app data folder and make sure you have a sysdata directory with a file called aes_keys.txt which contains your keys!"
-			);
-			return false;
-		}
-
 		Crypto::AESKey primaryKeyY;
 		Crypto::AESKey secondaryKeyY;
 		std::memcpy(primaryKeyY.data(), header, primaryKeyY.size());
@@ -128,6 +120,14 @@ bool NCCH::loadFromHeader(Crypto::AESEngine &aesEngine, IOFile& file, const FSIn
 		}
 		// If it's truly encrypted, we need to read section again.
 		if (encrypted) {
+			if (!aesEngine.haveKeys()) {
+				Helpers::panic(
+					"Loaded an encrypted ROM but AES keys don't seem to have been provided correctly! Navigate to the emulator's\n"
+					"app data folder and make sure you have a sysdata directory with a file called aes_keys.txt which contains your keys!"
+				);
+				return false;
+			}
+
 			auto [success, bytes] = readFromFile(file, exheaderInfo, &exheader[0], 0, exheaderSize);
 			if (!success || bytes != exheaderSize) {
 				printf("Failed to read Extended NCCH header\n");