… and by October of 1990 a complete nanokernel was running on the Omron Luna/88K. The current nanokernel contains approximately 20,000 lines of C code and less than 2,000 lines of assembler code….
In addition, the ability to recover all run-time kernel data from checkpointed state means that an interruption of power does not disrupt running programs. Typically, the system loses only the last few seconds of keyboard input. At UNIFORUM '90, Key Logic pulled the plug on our UNIX system on demand. Within 30 seconds of power restoration, the system had resumed processing, complete with all windows and state that had previously been on the display. We are aware of no other UNIX implementation with this feature today….
The paging system is tied to the checkpoint mechanism, and is discussed in the section on checkpointing, below. Persistence extends across system shutdown and power failure. Several IBM 4341 systems ran for more than three years across power failures without a logical interruption of service.
KeyKOS Nanokernel Architecture [1]
Accordingly, KeyKOS also received a B3 security rating, and it's a multitasking, **multiuser** system. At best, Unix can get a C2, and Windows NT can get that if it's networking is removed. I don't think it's generally available, but one that is based upon KeyKOS, EROS, [2] is available, and GPLed.
[1] http://www.cis.upenn.edu/~KeyKOS/NanoKernel/NanoKernel.html