Hey @vadimkantorov, wondering more about the goal behind doing this - what's your personal use case? Do you want onnxruntime to support encrypted models?
Deployment of on-prem model hosted in Triton/ORT with encrypted model ONNX file. Some foolproof decryption like provided for TRT EP engine encrypted cache would do (of course, a dedicated reverse engineer could do a dump of ORT process memory and extract the model weights and model graph).
vadimkantorov changed the title from "[Feature Request] ONNX model file decryption I/O hooks" to "[Feature Request] ONNX model file decryption/custom I/O hooks" on Nov 27, 2024
Describe the feature request
For on-premises scenarios it might be good to allow the user to provide some hooks for reading/decrypting the model file for all main EP's including the CUDA EP.
This could be added by allowing the user to specify the .so shared file with custom I/O functions (Something like this already exists for TRT EP) or e.g. exporting I/O functions and allowing user to override them with LD_PRELOAD'ing custom overrides.
Maybe also these I/O hooks could be used to implement some weight loading from S3 or from a custom user's checkpoint blob database.
Describe scenario use case
(For on-premises scenarios it might be good to allow the user to provide some hooks for reading/decrypting the model file)