diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 25cefd992..08d65cbc4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,6 +28,7 @@ jobs:
       fail-fast: false
       matrix:
         name:
+          - aarch64-linux
           - armhf-linux
           - i686-linux
           - i686-win
@@ -41,32 +42,50 @@ jobs:
             os: ubuntu-18.04
             packages: g++-multilib bc python3-zmq
             run-tests: true
+            check-security: true
+            check-symbols: true
             dep-opts: "NO_QT=1"
-            config-opts: "--enable-zmq --enable-glibc-back-compat --enable-reduce-exports LDFLAGS=-static-libstdc++"
+            config-opts: "--enable-zmq --enable-glibc-back-compat LDFLAGS=-static-libstdc++"
             goal: install
           - name: armhf-linux
             host: arm-linux-gnueabihf
             os: ubuntu-18.04
             packages: g++-arm-linux-gnueabihf
             run-tests: false
+            check-security: true
+            check-symbols: false
             dep-opts: "NO_QT=1"
-            config-opts: "--enable-glibc-back-compat --enable-reduce-exports --disable-tests"
+            config-opts: "--enable-glibc-back-compat --disable-tests LDFLAGS=-static-libstdc++"
+            goal: install
+          - name: aarch64-linux
+            host: aarch64-linux-gnu
+            os: ubuntu-18.04
+            packages: g++-aarch64-linux-gnu
+            run-tests: false
+            check-security: true
+            check-symbols: false
+            dep-opts: "NO_QT=1"
+            config-opts: "--enable-zmq --enable-glibc-back-compat --disable-tests LDFLAGS=-static-libstdc++"
             goal: install
           - name: x86_64-linux-nowallet
             host: x86_64-unknown-linux-gnu
             os: ubuntu-18.04
             packages: python3
             run-tests: true
+            check-security: true
+            check-symbols: true
             dep-opts: "NO_WALLET=1"
-            config-opts: "--enable-gui=qt5 --enable-glibc-back-compat --enable-reduce-exports --disable-wallet"
+            config-opts: "--enable-gui=qt5 --enable-glibc-back-compat --disable-wallet LDFLAGS=-static-libstdc++"
             goal: install
           - name: x86_64-linux-dbg
             host: x86_64-unknown-linux-gnu
             os: ubuntu-18.04
             packages: bc python3-zmq
             run-tests: true
+            check-security: true
+            check-symbols: false
             dep-opts: "DEBUG=1"
-            config-opts: "--enable-gui=qt5 --enable-zmq --enable-glibc-back-compat --enable-reduce-exports CPPFLAGS=-DDEBUG_LOCKORDER"
+            config-opts: "--enable-gui=qt5 --enable-zmq --enable-glibc-back-compat CPPFLAGS=-DDEBUG_LOCKORDER"
             goal: install
           - name: i686-win
             host: i686-w64-mingw32
@@ -78,8 +97,10 @@ jobs:
               sudo update-alternatives --set i686-w64-mingw32-g++  /usr/bin/i686-w64-mingw32-g++-posix
               sudo update-binfmts --import /usr/share/binfmts/wine
             run-tests: true
+            check-security: true
+            check-symbols: false
             dep-opts: ""
-            config-opts: "--enable-reduce-exports --enable-gui=qt5"
+            config-opts: "--enable-gui=qt5"
             goal: install
           - name: x86_64-win
             host: x86_64-w64-mingw32
@@ -91,16 +112,20 @@ jobs:
               sudo update-alternatives --set x86_64-w64-mingw32-g++  /usr/bin/x86_64-w64-mingw32-g++-posix
               sudo update-binfmts --import /usr/share/binfmts/wine
             run-tests: true
+            check-security: true
+            check-symbols: false
             dep-opts: ""
-            config-opts: "--enable-reduce-exports --enable-gui=qt5"
+            config-opts: "--enable-gui=qt5"
             goal: install
           - name: x86_64-macos
             host: x86_64-apple-darwin11
             os: ubuntu-18.04
             packages: cmake imagemagick libcap-dev librsvg2-bin libz-dev libtiff-tools libtinfo5 python3-setuptools xorriso libtinfo5
             run-tests: false
+            check-security: false
+            check-symbols: false
             dep-opts: ""
-            config-opts: "--enable-gui=qt5 --enable-reduce-exports"
+            config-opts: "--enable-gui=qt5 --disable-tests"
             goal: deploy
             sdk: 10.11
 
@@ -166,7 +191,7 @@ jobs:
         run: |
           depends/${{ matrix.host }}/native/bin/ccache --max-size=$CCACHE_SIZE
           ./autogen.sh
-          ./configure --prefix=`pwd`/depends/${{ matrix.host }} ${{ matrix.config-opts }} || ( cat config.log && false)
+          ./configure --prefix=`pwd`/depends/${{ matrix.host }} ${{ matrix.config-opts }} --enable-reduce-exports || ( cat config.log && false)
           make $MAKEJOBS ${{ matrix.goal }} || ( echo "Build failure. Verbose build follows." && make ${{ matrix.goal }} V=1 ; false )
 
       - name: Run tests
@@ -176,6 +201,14 @@ jobs:
           qa/pull-tester/install-deps.sh
           qa/pull-tester/rpc-tests.py --coverage
 
+      - name: Check security
+        if: ${{ matrix.check-security }}
+        run: make -C src check-security
+
+      - name: Check symbols
+        if: ${{ matrix.check-symbols }}
+        run: make -C src check-symbols
+
       - name: Upload artifacts
         uses: actions/upload-artifact@v2
         with: