
We want to verify that only our devices can use our extension; therefore, devices need to give an ID and be put on our allowed list.

Similar questions have been asked before, and the answer boils down to "extensions can't access a unique device ID" - privacy concerns. The given alternative is storing some data, but this isn't useful for shared devices where multiple accounts are expected to have the extension with a single device ID.

However, our extension is used on devices in our business that IT can put files on. For example, `C:\Program Files\Mozilla Firefox\distribution\` contains policies to auto-install our extension, and I can add files here without non-admin users being able to edit/remove them.

Is there a way to put our own device signatures in the distribution/install folder and then have an extension read it?

1 Answer


What you're apparently trying to do is authenticate the machine to the extension.

Extensions cannot read the filesystem directly. If they could, then malicious extensions (which are really just JavaScript with some special APIs) could export sensitive files to the Internet. JavaScript can read the filesystem through an interactive file picker, but I don't think that's the user experience that you want.

I think the answer lies in another direction, although I haven't tried it myself, so this is a suggestion rather than an answer.

I think you might have more success investigating whether you could leverage the operating system's digital certificate store. Then the problem becomes one of verifying that the machine has the certificate's private key in non-exportable storage. (Can the machine verifiably sign a random challenge? Is the certificate authority the company's CA? Things like that.)

Presumably all users would have their own logins. That would make the new questions be:

  1. Does the OS support client certificates that are per machine rather than per user?
  2. Does the OS support client certificates that are not password protected (because you don't want users to have to enter a password to authenticate the machine)?
  3. What do you want the properties of the client certificate to be (unique per machine vs the same one everywhere, valid lifetime/expiration, etc.)?

Since these certificates would be internal use only, you may not need to spend money on a lot of certificate infrastructure, but that depends on the size of your enterprise.

In any case, I think we are way beyond the scope of an Internet bulletin board. It becomes a question about issues other than how to write Firefox extensions.
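
Added example, not part of the answer above and not a Firefox API: the server-side half of the "sign a random challenge" check the answer suggests, in Node.js. The allowlist of enrolled key fingerprints, the function names, the `device-auth-v1:` prefix and the in-memory key pair standing in for a non-exportable key in the OS store are all assumptions.

```javascript
const crypto = require('node:crypto');

const TTL_MS = 30_000;       // assumed challenge lifetime
const CONTEXT = Buffer.from('device-auth-v1:'); // hypothetical domain-separation prefix
const enrolled = new Map();  // key fingerprint -> { deviceId, publicKey }
const pending = new Map();   // nonce (hex) -> expiry time in ms

// SHA-256 over the DER-encoded public key identifies an enrolled machine.
function fingerprint(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('hex');
}

// IT adds a machine to the allowed list when its key pair is provisioned.
function enrollDevice(deviceId, publicKey) {
  const fp = fingerprint(publicKey);
  enrolled.set(fp, { deviceId, publicKey });
  return fp;
}

function issueChallenge(now = Date.now()) {
  const nonce = crypto.randomBytes(32).toString('hex');
  pending.set(nonce, now + TTL_MS);
  return nonce;
}

const toSign = (nonce) => Buffer.concat([CONTEXT, Buffer.from(nonce, 'hex')]);

// Stand-in for the machine: the real private key would stay in the OS store.
function deviceSign(privateKey, nonce) {
  return crypto.sign('sha256', toSign(nonce), privateKey);
}

// Returns the device ID on success, null on any failure.
function verifyResponse(nonce, fp, signature, now = Date.now()) {
  const expiry = pending.get(nonce);
  pending.delete(nonce);                              // single use: blocks replay
  if (expiry === undefined || now > expiry) return null;
  const device = enrolled.get(fp);
  if (!device) return null;                           // not on the allowed list
  const ok = crypto.verify('sha256', toSign(nonce), device.publicKey, signature);
  return ok ? device.deviceId : null;
}

// Constructed sample run with a throwaway P-256 key pair.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const fp = enrollDevice('LAB-PC-01', publicKey);
  const nonce = issueChallenge();
  const sig = deviceSign(privateKey, nonce);
  return [verifyResponse(nonce, fp, sig), verifyResponse(nonce, fp, sig)]; // second call is a replay
}
```

The nonce is deleted before any other check, so a captured signature cannot be replayed even when the first attempt fails.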
