diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 78bfe07187d..ceb8266e908 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -172,7 +172,7 @@ jobs:
     - name: install deps
       run: |
         sudo apt -qq update
-        sudo apt -qq install gperf
+        sudo apt -qq install gperf gcc-aarch64-linux-gnu binutils-aarch64-linux-gnu
     - name: make release
       run: make release
     - name: upload artifacts
diff --git a/script/release.sh b/script/release.sh
index b9d893bf7a2..40f500fe55f 100755
--- a/script/release.sh
+++ b/script/release.sh
@@ -21,27 +21,45 @@ set -e
 project="runc"
 root="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")/..")"
 
+# Due to libseccomp being LGPL we must include its sources,
+# so download, install and build against it.
+function build_libseccomp() {
+	local ver="2.5.1"
+	local tar="libseccomp-${ver}.tar.gz"
+	local builddir="$1"
+
+	# Download.
+	wget "https://github.com/seccomp/libseccomp/releases/download/v${ver}/${tar}"{,.asc}
+
+	# Build and install.
+	tar xf "$tar"
+	pushd "libseccomp-${ver}"
+
+	LIBSECCOMP_PREFIX="$(mktemp -d)"
+	./configure --prefix="$LIBSECCOMP_PREFIX" --enable-static --disable-shared
+	make install
+	make clean
+
+	# Build and install for arm64.
+	LIBSECCOMP_PREFIX_ARM64="$(mktemp -d)"
+	./configure --host aarch64-linux-gnu --prefix="$LIBSECCOMP_PREFIX_ARM64" --enable-static --disable-shared
+	make install
+
+	# Put the sources to builddir.
+	mv "$tar"{,.asc} "$builddir"
+
+	# Clean.
+	popd
+	rm -rf "libseccomp-${LIBSECCOMP_PREFIX}"
+}
+
 # This function takes an output path as an argument, where the built
 # (preferably static) binary should be placed.
 function build_project() {
 	local builddir
 	builddir="$(dirname "$1")"
 
-	# Due to libseccomp being LGPL we must include its sources,
-	# so download, install and build against it.
-
-	local libseccomp_ver='2.5.1'
-	local tarball="libseccomp-${libseccomp_ver}.tar.gz"
-	local prefix
-	prefix="$(mktemp -d)"
-	wget "https://github.com/seccomp/libseccomp/releases/download/v${libseccomp_ver}/${tarball}"{,.asc}
-	tar xf "$tarball"
-	(
-		cd "libseccomp-${libseccomp_ver}"
-		./configure --prefix="$prefix" --enable-static --disable-shared
-		make install
-	)
-	mv "$tarball"{,.asc} "$builddir"
+	build_libseccomp "$builddir"
 
 	# For reproducible builds, add these to EXTRA_LDFLAGS:
 	#  -w to disable DWARF generation;
@@ -51,10 +69,15 @@ function build_project() {
 	# Add -a to go build flags to make sure it links against
 	# the provided libseccomp, not the system one (otherwise
 	# it can reuse cached pkg-config results).
-	make -C "$root" PKG_CONFIG_PATH="${prefix}/lib/pkgconfig" COMMIT_NO= EXTRA_FLAGS="-a" EXTRA_LDFLAGS="${ldflags}" static
-	rm -rf "$prefix"
+	make -C "$root" PKG_CONFIG_PATH="${LIBSECCOMP_PREFIX}/lib/pkgconfig" COMMIT_NO= EXTRA_FLAGS="-a" EXTRA_LDFLAGS="${ldflags}" static
 	strip "$root/$project"
 	mv "$root/$project" "$1"
+	# Build for arm64.
+	CGO_ENABLED=1 GOARCH=arm64 CC=aarch64-linux-gnu-gcc make -C "$root" PKG_CONFIG_PATH="${LIBSECCOMP_PREFIX_ARM64}/lib/pkgconfig" COMMIT_NO= EXTRA_FLAGS="-a" EXTRA_LDFLAGS="${ldflags}" static
+	strip "$root/$project"
+	mv "$root/$project" "$1/$project".arm64
+	# Cleanup.
+	rm -rf "${LIBSECCOMP_PREFIX}" "${LIBSECCOMP_PREFIX_ARM64}"
 }
 
 # End of the easy-to-configure portion.