Skip to content

The trt_engine_decryption_lib_path environment variable renders encryption worthless #23290

New issue
New issue
Closed
Closed
The trt_engine_decryption_lib_path environment variable renders encryption worthless#23290
Labels
ep:TensorRTissues related to TensorRT execution providerstaleissues that have not been addressed in a while; categorized by a bot
@BengtGustafsson

Description

@BengtGustafsson
BengtGustafsson
opened on Jan 8, 2025

Describe the issue

As the end user can redirect encryption/decryption to their own library that for instance does not encryption the entire encryption facility is useless. It is mostly useless anyway as a perpetrator can replace the vendor specified library under its original name but providing an environment variable just for the benefit of perpetrators is even more ridiculous.

To reproduce

set the env var and observe bypassing of the encryption in the wink of an eye.

Urgency

Not urgent as encryption doesn't even work anyway.

Platform

Windows

OS Version

11

ONNX Runtime Installation

Built from Source

ONNX Runtime Version or Commit ID

1.20

ONNX Runtime API

C++

Architecture

X64

Execution Provider

TensorRT

Execution Provider Library Version

CUDA 11.6, TrT 10.4.0.26

Metadata

Metadata

Assignees

No one assigned

    Labels

    ep:TensorRTissues related to TensorRT execution providerstaleissues that have not been addressed in a while; categorized by a bot

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions