Vehicle cybersecurity consists of internal security and external security. Dedicated security hardware will play an important role in car’s internal and external security communication. TPM (Trusted Platform Module) can serve as the security cornerstone when vehicle connects with external entity or constructs a trusted computing environment. Based on functions such as the storage of certificate, key derivation and integrity testing, we research the principle of how to construct a trusted environment in a vehicle which has telematics unit. HSM (Hardware Security Module) can help to realize the onboard cryptographic communication securely and quickly so as to protect data. For certain AURIX MCU consisting of HSM, the experiment result shows that cheaper 32-bit HSM’s AES calculating speed is 25 times of 32-bit main controller, so HSM is an effective choice to realize cybersecurity. After comparing two existing methods that realize secure CAN communication, A Modified SECURE CAN scheme is proposed, and differences of the three schemes are analyzed. Result shows that considering both communication time and attacks such as replay attack and eavesdropping, the Modified SECURE CAN communication has more advantage in practical applications. In a secure system, key derivation and management is a critical question. After comparing the computational efficiency of the RSA and ECC algorithm, an improved key derivation scheme to realize one-time pad is proposed based on ECDH algorithm. Key derivation among 3 ECUs is realized and derivation time is tested.