Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature Request] ONNX model file decryption/custom I/O hooks #22813

Open
vadimkantorov opened this issue Nov 12, 2024 · 2 comments
Open

[Feature Request] ONNX model file decryption/custom I/O hooks #22813

vadimkantorov opened this issue Nov 12, 2024 · 2 comments
Labels
feature request request for unsupported feature or enhancement

Comments

@vadimkantorov
Copy link

vadimkantorov commented Nov 12, 2024

Describe the feature request

For on-premises scenarios it might be good to allow the user to provide some hooks for reading/decrypting the model file for all main EP's including the CUDA EP.

This could be added by allowing the user to specify the .so shared file with custom I/O functions (Something like this already exists for TRT EP) or e.g. exporting I/O functions and allowing user to override them with LD_PRELOAD'ing custom overrides

Maybe also these I/O hooks could be used to implement some weight loading from S3 or from a custom user's checkpoint blob database.

Describe scenario use case

(For on-premises scenarios it might be good to allow the user to provide some hooks for reading/decrypting the model file)

@vadimkantorov vadimkantorov added the feature request request for unsupported feature or enhancement label Nov 12, 2024
@MaanavD
Copy link
Contributor

MaanavD commented Nov 12, 2024

Hey @vadimkantorov, wondering more about the goal behind doing this - what's your personal use case? Do you want onnxruntime to support encrypted models?

@vadimkantorov
Copy link
Author

vadimkantorov commented Nov 13, 2024

Deployment of on-prem model hosted in Triton/ORT with encrypted model ONNX file. Some foolproof decryption like provided for TRT EP engine encrypted cache would do (of course, a dedicated reverse engineer could do a dump of ORT process memory and extract the model weights and model graph)

@vadimkantorov vadimkantorov changed the title [Feature Request] ONNX model file decryption I/O hooks [Feature Request] ONNX model file decryption/custom I/O hooks Nov 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature request request for unsupported feature or enhancement
Projects
None yet
Development

No branches or pull requests

2 participants