The largest hunk of kernel logic is IO. For the 370 kernel, about 40% of the kernel was devoted either to supporting access by domains to raw IO devices, or to supporting the kernel’s disk caching service that hid the difference between disk and RAM from all domain code.

Page fault overhead for Keykos and each of several other OSes for the 370 was about 4k instructions. It would perhaps have been strategic to remove this code from the kernel, thus reducing the kernel’s size. It would have increased the TCB of the typical application, however, since the function was merely moved and new kernel interfaces would have been required to allow this function to work outside the kernel.

It seems plausible now (2003) to think of running a capability kernel in a pocket computer using a radio link to a distant disk in place of a disk in the pocket device. Such a scheme would require cryptographic-style message authentication to ensure long-term system integrity. Such function seems excessive to stuff into a kernel.

Such a scheme also badly strains the patterns promulgated here.
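
An added example, not part of the original note, of what message authentication for the radio-linked disk scheme involves: each page is tagged with HMAC-SHA256 over its page number, a version counter and its contents, so a modified, misplaced or stale page is rejected on the way back in. The names `RemotePager`, `seal_page` and `open_page`, the 4096-byte page size and the locally kept version table are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

PAGE_SIZE = 4096   # assumed page size
TAG_LEN = 32       # HMAC-SHA256 output length

class PageAuthError(Exception):
    """A page returned by the remote disk failed authentication."""

def _tag(key, page_no, version, data):
    # Bind the contents to where the page lives and which write produced it.
    header = struct.pack(">QQ", page_no, version)
    return hmac.new(key, header + data, hashlib.sha256).digest()

def seal_page(key, page_no, version, data):
    if len(data) != PAGE_SIZE:
        raise ValueError("page must be exactly PAGE_SIZE bytes")
    return data + _tag(key, page_no, version, data)

def open_page(key, page_no, expected_version, blob):
    if len(blob) != PAGE_SIZE + TAG_LEN:
        raise PageAuthError("wrong length")
    data, tag = blob[:PAGE_SIZE], blob[PAGE_SIZE:]
    if not hmac.compare_digest(tag, _tag(key, page_no, expected_version, data)):
        raise PageAuthError("bad tag: modified, misplaced or stale page")
    return data

class RemotePager:
    """Device side (hypothetical). `store` stands in for the untrusted link and disk."""
    def __init__(self, key, store):
        # The key and the version table stay on the device.
        self.key, self.store, self.versions = key, store, {}

    def page_out(self, page_no, data):
        version = self.versions.get(page_no, 0) + 1
        self.store[page_no] = seal_page(self.key, page_no, version, data)
        self.versions[page_no] = version

    def page_in(self, page_no):
        return open_page(self.key, page_no, self.versions[page_no], self.store[page_no])
```

The version table kept on the device is what defeats replay of an old but validly tagged page; a MAC over the contents alone would accept it.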